Japan’s Financial Services Agency (FSA) revealed that hackers exploited nearly 5,000 financial accounts in April 2025. These attacks led to 2,746 unauthorized trades across nine securities firms, with nearly $2 billion in total transaction volume. Hackers used stolen login credentials to sell and buy domestic and foreign small-cap stocks, particularly to manipulate prices. Once prices rose, the attackers sold their own shares for profit, intensifying financial market vulnerabilities.
From January through March 2025, the FSA reported similar activity in 12 securities firms, though on a smaller scale.
Hackers moved about $350 million in sales and $315 million in purchases during that period. By contrast, the April incident alone resulted in over $1 billion in fraudulent sales and $902 million in purchases. The FSA noted that the reported figures reflect total amounts traded in compromised accounts.
Initially, the FSA mentioned that many trades involved Chinese stocks, but this reference was later removed from official statements. Hackers mostly focused on inflating the value of smaller stocks before cashing out their holdings. This tactic highlights the financial risks of low-cap securities and underscores how breached accounts can destabilize markets.
The attacks demonstrate the sophistication of modern financial cybercrime strategies.
Cybersecurity experts have connected this surge in account breaches to a rise in phishing activity targeting Japanese users. Tools like ChatGPT reportedly enable attackers to create convincing, culturally accurate phishing emails. Researchers also highlighted a phishing kit called CoGUI, linked to Chinese cybercriminals, which captures login credentials and payment data. Japan’s regulators now face urgent pressure to improve financial cybersecurity.
Reference:
