Apology for the falsification of our websites

Research Institute for Languages and Cultures of Asia and Africa (ILCAA),
Tokyo University of Foreign Studies
Computer Security Incident Response Team (CSIRT),
Tokyo University of Foreign Studies

On Sunday, August 3, 2025, we confirmed that websites operated by our Research Institute for Languages and Cultures of Asia and Africa (ILCAA) had been falsified to display an inappropriate webpage. We sincerely apologize for this incident and provide the following report.

Date confirmed:
Sunday, August 3, 2025, at approximately 5:30 p.m.

Confirmed incident:
Some websites hosted on the web server with the domain “aa-ken.jp,” which are operated by our ILCAA to publish research outcomes, have been falsified to automatically redirect visitors to an online casino website when accessing them.

Affected areas:
aa-ken.jp (web server independently operated by ILCAA)
Websites whose contents are managed under the domain “aa-ken.jp” (irc.aa.tufs.ac.jp and coe.aa.tufs.ac.jp）

No harmful influence has been confirmed on other systems, including our official website (domain: tufs.ac.jp) and the ILCAA official website (domain: aa.tufs.ac.jp).

Incident handling status:
The affected web server has been suspended.

Cause of the incident:
An investigation concluded that the falsification resulted from unauthorized access that exploited vulnerabilities in the CMS (Contents Management System) used for updating websites.

Information on the affected server:
The server contained only publicly available information, and no personal information about students, faculty, or administrative staff was included. In addition, we conducted a virus scan of the server, and no viruses were detected in the OS, middleware, or published contents. We have not received any reports of damage caused by the falsified redirection at this time.

Our future reactions to the incident and measures to prevent recurrence:
We will reopen the concerned website once we have confirmed the security by addressing the vulnerabilities of its entire content and deleting all falsified files.
Before reopening the concerned server, we will implement countermeasures against attacks and reinforce configuration management and monitoring of the server.

The period during which the falsification is considered to cause damage:
From Thursday, June 5, 202５, 16:12 to Friday, August 8, 2025, 15:50

Guidance for users:
We are currently addressing the vulnerabilities and restoring the falsified content. The website will be reopened once the security and integrity have been confirmed. Your kind patience would be highly appreciated as we take these measures to ensure safe and reliable services.
If you accessed the concerned website during the above period, please update your security software to conduct a virus scan and remove any detected malware.

We sincerely apologize once again for the inconvenience and concern this matter has caused. We will take all necessary measures to operate our websites by strengthening security and implementing monitoring. Please feel free to contact the following address if you have inquiries or troubles regarding this matter.

【Contact】
CSIRT, Tokyo University of Foreign Language: csirt[at]tufs.ac.jp (Change [at] to @)