"An interesting aspect of this campaign is the comeback of a backdoor dubbed ANEL, which was used in campaigns targeting Japan by APT10 until around 2018 and had not been observed since then," security researcher Hara Hiroaki said.
"Additionally, an analysis of the victim profiles and the names of the distributed lure files suggests that the adversaries are particularly interested in topics related to Japan's national security and international relations," Hiroaki pointed out.
MirrorFace's use of ANEL was also documented by ESET last month as part of a cyber attack targeting a diplomatic organization in the European Union using lures related to the World Expo.
The switch to spear-phishing email messages is intentional, per Trend Micro, and a decision motivated by the fact that the attacks are designed to single out individuals rather than enterprises.
Collection
[
|
...
]