Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Japanese businesses are being bombarded with millions of phishing messages

Japan Proofpoint
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
  • Proofpoint observes notable spike in phishing emails targeting Japanese businesses
  • The emails are being sent out via a kit called CoGUI
  • The researchers attributed the attack to a Chinese-speaking threat actor

Threat actors are flooding Japanese businesses with phishing attacks, and are using a unique phishing kit framework called CoGUI to do it.

Cybersecurity researchers Proofpoint say they have observed a “notable increase” in high-volume Japanese language campaigns using CoGUI in the wild in October 2024, before starting to track it in December of the same year.

“The campaigns typically include a high-volume of messages, with counts ranging from hundreds of thousands to tens of millions per campaign, with an average of approximately 50 campaigns per month campaigned by our researchers,” Proofpoint explained.

Millions of messages

The campaign peaked in January 2025, when 172 million messages were sent out.

The attackers were mostly pretending to be Amazon, PayPal, or Rakuten, but other brands were abused, as well. Japan was, by far, the most targeted country, but Proofpoint also said that there were victims in Australia, New Zealand, Canada, and the United States.

The goal of the campaign was to steal people’s login credentials, and system information. That data includes the geographical location of the IP address, language configuration of the browser, browser type and version, monitor height and width, OS, and the type of device used (mobile, desktop, laptop).

Proofpoint added the kit cannot grab 2FA code, but still described it as “sophisticated”, with advanced evasion techniques such as geofencing, header fencing, and fingerprinting.

These allowed the threat actors to focus on specific geographies, while evading most of today’s security measures.

The researchers attributed the attacks to a Chinese-speaking threat actor that mainly targets Japanese language speakers in Japan.

The best way to defend against these attacks remains the same - to use common sense, and slow down when reading and responding to email messages.

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Early-2000s Shoe Trends Taking Over Zara and H&M Right Now
Talk about a blast from the past.
Marie Claire
Marie Claire
Why are parts of the Melvins’ old touring van being sold for up to $40,000?
They’re part of Julien’s latest Music Icons auction
MusicRadar
MusicRadar
Simon Cowell admits he considered couple’s $150,000 offer to judge them having sex
Former ‘American Idol’ judge recalled the ‘bizarre’ interaction on the latest episode of the ‘How To Fail with Elizabeth Day’ podcast
The Independent UK
The Independent UK
How to watch RuPaul’s Drag Race All Stars season 10 online and from anywhere
A whopping eighteen queens strut their stuff for a spot in the Drag Race Hall of Fame. Here's how to watch RuPaul’s Drag Race All Stars season 10 online and from anywhere
TechRadar
TechRadar
‘They’re not selling fashion – they’re selling a dream’: the latest celebrity clan in clothes
Are the Crawford-Gerbers the new Kardashians – or a family selling a modern take on the American dream?
The Guardian - UK
The Guardian - UK
The reason eggs are less likely to crack when dropped on their side
Hundreds of eggs were used to reveal the findings
The Independent UK
The Independent UK
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play