Japan’s military has used Chinese counterfeit USB sticks infected with malware linked to Chinese hacker groups for almost a year without it being detected by security scanning systems, according to a report by Nikkei Asia.
The Japanese media outlet reported on June 25 that Japan’s Ground Self-Defense Force (GSDF) had been using the Chinese USB flash drives since March 2024 and did not discover the infected devices until February 2025, according to internal documents obtained by the outlet. Multiple security measures implemented by the Japanese military to prevent such cybersecurity vulnerabilities had failed to detect the virus.
“In February 2025, a USB drive acquired by the JGSDF Middle Army headquarters was found to contain malware,” the GSDF public relations office said in a statement when the security loophole was revealed by Nikkei Asia.
A member of the GSDF at a regional headquarters in Itami City, near Osaka, noticed in 2025 that a computer was running slowly. Upon inspecting a USB drive that had been connected to the computer, a virus was discovered, according to the report.
An internal investigation uncovered six infected flash drives. Out of approximately 480 computers examined, more than 50 had the infected drives plugged into them. Nearly half of these computers were connected to closed systems handling highly classified information, such as military command and control systems, said the report.
The Japan Ground Self-Defense Force’s computer systems are built upon the Defense Information Infrastructure (DII) used by the Ministry of Defense and the Self-Defense Forces. These systems are separated into internet-connected open systems and highly secure closed systems, which are isolated from one another. As daily operations frequently require data exchange between these systems, Self-Defense Force personnel often use USB flash drives, according to the report.
Related Stories
An analysis by the GSDF’s cybersecurity unit revealed that the USB drives were counterfeit products made in China. Instead of standard memory chips, they utilized cheap, slow microSD cards as storage media, and some of these cards were infected with malware. The virus has been identified in a U.S. security company report as having been used in the past by a Chinese hacker group. It infects a computer the moment the USB drive is inserted, said the report.
Similar USB flash drives made in China appear to be widely sold on Japanese and international e-commerce platforms, selling for only half of the market price, said Nikkei Asia.
The GSDF typically employs multi-layered security checks, including virus scanning during procurement and while computers are in use. However, because these USB flash drives were excluded from the scope of the computer security software’s scans, the virus was not detected until nearly a year after they had been put into use, according to the report.
Delayed Revelation
The Japanese military chose not to go public with the incident when it was discovered in 2025, according to Nikkei Asia.
Why the incident is being revealed now, analysts told The Epoch Times, is likely because tensions are increasing between Japan and China.
Japan is shifting toward a more proactive stance regarding defense along the first island chain and even the second island chain to contain the Chinese communist regime’s maritime expansion, said Wang Shiow-wen, an assistant researcher at Taiwan’s Institute for National Defense and Security Research.
First and second island chains. Courtesy of the Department of Defense
“Consequently, China’s ruling Communist Party (CCP) has utilized export controls on rare earth elements as a geopolitical tool, progressively tightening its grip on a critical choke point for Japanese industry. Against this backdrop, it is difficult for friendly interactions to develop between the two nations,” she told The Epoch Times.
On the other hand, the Japanese are very cautious in their actions, especially regarding matters of national security and military secrets, where the slightest carelessness could trigger a major diplomatic incident, Wang said. “The fact that the Japanese media is reporting this now indicates that Japan has indeed obtained evidence of China using USB drives infected with malware to hack into Japanese military computer systems.
“It also vividly illustrates the lengths to which China will go to steal foreign classified intelligence, serving as a cautionary tale for other Western nations.”
Japanese Prime Minister Sanae Takaichi has taken a tougher stance on the CCP and its ambition to annex Taiwan, the self-ruled island nation. She made a statement in January that if something serious happens to Taiwan, “we would have to go to rescue the Japanese and American citizens in Taiwan,” and if the U.S. forces come under attack and “Japan does nothing and simply runs away, the Japan–U.S. alliance would collapse.”
Her remarks triggered a strong reaction from the CCP, and tensions between the Chinese regime and Japan have been high.
At trade fairs, giveaways such as USBs may be loaded with spyware by Chinese government hackers. Seth Holehouse/The Epoch Times
Meanwhile, a spokesperson for the Ishikawa Prefectural Government, which is alleged in the internal documents to have provided the USB drives to the military, told Nikkei Asia that “we could not confirm any record of procuring the USB drives or paying for their purchase.”
Tang Jingyuan, U.S.-based China analyst and current affairs commentator, told The Epoch Times that since becoming the “world’s factory,” China is one of the world’s largest suppliers of USB flash drives—especially the cheaper ones.
“[With] no records to be found regarding the entire process of their procurement and without full security inspection and prevention measures, these flash drives were used directly on highly classified, closed systems, and even swapped between open and closed systems. This is a practice with extremely high security risks,” Tang said.
Planting malware on USB drives is a very low-level tactic, and it isn’t necessarily the work of Chinese intelligence agencies, Shen said.
“It’s possible that the mandatory embedding of the malware was enforced during the manufacturing process of the relevant IT products by the CCP’s requirement,” he said.
“Once embedded, intelligence agencies can continuously harvest vast amounts of data from them. After the data is collected, it is categorized and organized using the CCP’s big data analytics before being distributed to various units. This is currently a common method for stealing data. It is simply that Japan lacks sufficient vigilance in this regard.”
Since these USB drives had been in use for almost a year, every single computer that came into contact with them was compromised, Shen said.
“The reason is that such drives are embedded with backdoor programs. The moment they are used or connected to a system, two things happen: first, they immediately transmit all the data on the computer to China; second, they may also plant a Trojan horse program on the computer,” he explained.
So, the announcement of this incident right now serves as a valuable wake-up call for Japan, especially regarding cybersecurity, an area where they have tended to lack vigilance, Shen said.
Countering CCP’s Cyber Espionage
When asked about the Nikkei Asia’s report at a June 26 press conference, Japan’s Defense Minister Shinjiro Koizumi responded, “I think it was a problem that the rules for virus checks and safety were not followed when using USB memory sticks without exception. To prevent this from happening, we are currently thoroughly conducting a virus check.”
He said that in the future, he’d like to work closely with Matsumoto, the Minister in charge of Cyber Security.
(L-R) Australian Foreign Minister Penny Wong, India’s Minister of External Affairs S. Jaishankar, Japanese Foreign Minister Toshimitsu Motegi and U.S. Secretary of State Marco Rubio pose after a Quad ministerial meeting at Hyderabad House in New Delhi, India, on May 26, 2026. Julia Demaree Nikhinson/Reuters
Taiwan had similar incidents in the past, which is why it now bans the use of many information technology products from mainland China, Shen said.
“Taiwan’s experience could actually serve as a useful reference for Japan.”
There is intelligence and counterintelligence cooperation among the Five Eyes alliance, but Japan is not part of that alliance, Shen noted. “However, Japan likely engages in relevant cooperation with the United States or other nations.
“Ultimately, the most important thing is for Japan’s law enforcement agencies and military to possess sufficient security awareness and vigilance.”
Tang said that from aspects of politics and diplomacy, the international community should maximize public exposure of the CCP’s cyber espionage.
“We can see that the United States, Japan, and many European countries are no longer holding back,” he said.
Japan officially passed the Active Cyber Defense Law in May 2025, enabling its military and law enforcement to launch preemptive offensive cyber operations starting from Oct. 1 2026.
“This is actually a significant shift, marking a change in Japan’s cybersecurity strategy from purely defensive to proactive counter-attacks and countermeasures,” Tang said.
Wang suggested a variety of preventive cyber defense measures.
Aside from taking a proactive stance, measures to contain the CCP’s cyber attack may include: “Export control of cutting-edge science and technology on the Chinese regime, review of critical infrastructure, and joint multinational operations. Japan and the United States have clearly included cyberspace within the scope of application of Article 5 of the Japan-U.S. Security Treaty,” she said.
In addition, “through alliance mechanisms such as the G7 and Quad [Quadruple Security Dialogue], a set of international norms for cyber behavior that excludes authoritarian countries is being established.”
Luo Ya contributed to this report.