On April 18, 2025, Tokai University in Hiratsuka City, Kanagawa Prefecture, reported a significant ransomware attack. This cyberattack affected multiple campuses across Japan, including the Shonan, Shinagawa, Shizuoka, Sapporo, and Kumamoto campuses. The attack caused disruptions to vital systems, including student portals and email services. However, no disruptions were reported at medical facilities in Isehara City and Hachioji City.
The attack was first detected on April 17, 2025, when university websites failed to display correctly.
Upon investigation, the university found unauthorized access to its servers, which led to a ransomware infection. As a precaution, the university cut off all internet connections to prevent further damage, though critical systems remained offline. This resulted in canceled classes and uncertainty for students and faculty members.
The university discovered that content file extensions had been altered, confirming the ransomware attack.
Investigations traced the attack’s origin to April 16, 2025, raising concerns about the university’s security measures. The Kanagawa Prefectural Police are now investigating the attack, with a focus on identifying the perpetrators and determining the full extent of the damage. Recovery efforts are underway, but no clear timeline for restoring systems has been provided.
The disruption at Tokai University highlights the growing threat of cyberattacks on educational institutions in Japan. As more universities rely on digital systems, ensuring robust cybersecurity measures has become a pressing priority. This incident serves as a reminder of the vulnerabilities that exist in the digital landscape and the importance of safeguarding sensitive information from cybercriminals.
Previous cyber attacks in Japan have compromised security in several organizations.
As of March, a malicious campaign attributed to an unknown threat group had been targeting organizations in Japan since January 2025. The attackers exploited CVE-2024-4577, a remote code execution flaw in PHP-CGI on Windows systems. This flaw allowed the threat actors to gain initial access to victim machines and execute PowerShell scripts. For post-exploitation activity and to maintain control, the attackers used the publicly available Cobalt Strike kit, specifically the “TaoWu” plugin.