Japan's National Police Agency and the Center of Incident Readiness and Strategy for Cybersecurity confirmed a years-long series of cyberattacks attributed to a China-backed group named 'MirrorFace'. The attacks, dating back to 2019, targeted think tanks, government agencies, and media organizations using advanced techniques, including phishing emails that delivered malware strains such as 'LODEINFO' and 'LilimRAT', and they underscore the ongoing cyber threat in the region.
According to the report, the second wave of attacks spanned from February 2023 to mid-2024, during which the attackers exploited vulnerabilities in TLS 1.0, authenticated via client certificates, and used SQL injection attacks. This period showed an escalation in sophistication: the attackers employed tools like the Neo-reGeorg tunneling tool and various web shells, indicating a strategic shift towards more evasive and damaging techniques in their operations.