Japan to Launch Nationwide Audit After Malware-Infested USB Breach in China-Linked Case
- Input
- 2026-07-02 14:06:57
- Updated
- 2026-07-02 14:06:57

[Financial News, Tokyo = Correspondent Seo Hye-jin] The Japanese government will launch a nationwide audit of USB memory use across local governments. The move comes after it was revealed that the Japan Ground Self-Defense Force had used a USB infected with China-linked malware in a classified system for about a year, prompting a broader cybersecurity review in the public sector.
According to Nikkei, Inc. on the 2nd, MIC will begin as early as this month a survey of USB memory use among all 1,788 prefectural and municipal governments nationwide. The ministry plans to examine the manufacturers, quantities held, and usage status of already procured USB devices, and compile the results about a month later.
MIC plans to determine whether trusted manufacturers' products are being used, assess the risk of cyberattacks by local government, and require stronger security measures from institutions with weak management.
The scope of the survey is expected to go beyond USB devices. MIC is also considering checks on other IT equipment connected to the internet, such as surveillance cameras and drones. Last year, it conducted security inspections of PCs and routers.
The measure was triggered by the malware infection incident involving the Japan Ground Self-Defense Force's USB devices.
Earlier, The Nikkei reported on the 25th of last month that the Japan Ground Self-Defense Force had used a China-made USB memory device infected with China-linked malware on a terminal in a classified system for about a year. The USB was reportedly handed over by a local government during disaster response efforts after the Noto Peninsula earthquake in January 2024.
Internal Self-Defense Force documents said it was "procured from Ishikawa Prefecture," but Ishikawa Prefecture denied involvement, saying it had found no record of procurement or payment.
As local governments were mentioned as a possible source of the infected USB, MIC reportedly sent a confidential notice to all local governments the day after the news report, on the 26th of last month, urgently asking them to inspect all USB devices.
MIC instructed officials to scan all files stored on USB devices with the latest security software and to check for so-called "capacity spoofing USBs," which display a larger storage size than they actually have. It also distributed security guidelines, including a warning not to connect USB devices of uncertain origin to internal administrative networks, in order to prevent unauthorized access.
Chief Cabinet Secretary Minoru Kihara also said at a press briefing that day, "MIC is preparing a survey of USB use across local governments nationwide," adding, "It is important to strengthen the proper use of information systems and IT devices, including USBs, as well as responses to supply chain risks."
He added, "The government will continue to provide the support needed so that local governments can put in place appropriate security measures."
Experts say the survey highlights the weak security management practices of local governments.
Professor Tetsutaro Uehara of Ritsumeikan University said, "USB devices are still a major means of transferring data at local governments, but they do not even properly understand how they are actually being used." He added that the measure reflects MIC's strong sense of crisis.
In fact, a survey MIC conducted last year of 1,788 local governments nationwide found that only about 10% of institutions strictly enforced criteria for selecting IT devices. Because the central government and local governments are connected through administrative networks, there are concerns that if an infected USB is used at an institution with poor security management, the damage could spread to other agencies.
The Japanese government also plans to speed up institutional reforms. MIC has decided that from July next year, local governments will be limited to introducing only IT equipment with a low risk of cyberattacks. As a result, China-made USB devices like those found in the Japan Ground Self-Defense Force are expected to be effectively phased out of the public sector.
However, some say the impact on equipment already in use will be limited. In response, MIC plans to carry out a sweeping inspection of existing IT equipment, including USB devices, and gradually eliminate security vulnerabilities.
sjmary@fnnews.com Seo Hye-jin Reporter