Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades

Japan’s leading financial regulator reported an explosion of unauthorized stock market trades in April — with almost $2 billion in funds moved by hackers. 

Japan’s Financial Services Agency (FSA) provided updated figures for last month after initially warning that there had been a “sharp increase in the number of cases of unauthorized access and unauthorized trading” through online trading services in the first three months of 2025. 

The FSA said that in April alone, nine securities firms reported 2,746 fraudulent transactions conducted through nearly 5,000 accounts that were breached by hackers. 

In total, the hackers conducted more than $1 billion in sales and purchases of about $902 billion. For the first three months of the year, the FSA previously said 12 securities firms reported fraudulent transactions, with sales totaling about $350 million and purchases worth about $315 million. 

The FSA explained that the sales and purchase amounts are the total amounts of fraudulent transactions within the account that was fraudulently accessed. In the vast majority of cases, hackers gain access to a victim’s account through stolen login information and use them to sell stocks or other securities, according to the FSA.

They use the proceeds of the sale to buy domestic and foreign small-cap stocks and other securities. The FSA initially said many accounts were used to buy Chinese stocks but have since removed any mention of China from the advisory. 

The hackers typically use the breached accounts to raise the price of smaller stocks that the cybercriminals themselves have purchased. Once the stock price increases, the hackers sell their stock and earn a profit from the inflated value. 

Cybersecurity researchers previously told Recorded Future News that Japan has seen a sharp increase in phishing campaigns in recent months. 

Proofpoint Chief Strategy Officer Ryan Kalember said tools like ChatGPT now enable hackers to craft culturally accurate phishing emails and the company published a lengthy report this week on CoGUI — a phishing kit used widely among Chinese cybercriminals to siphon usernames, passwords and payment information.