Japan's National Police Agency and National Center of Incident Readiness and Strategy for Cybersecurity accused the China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting associated organizations in Japan since 2019, aimed at stealing national security and advanced technology information.
MirrorFace, also known as Earth Kasha, has been identified as a subgroup within APT10 and has systematically attacked Japanese entities, utilizing tools such as ANEL, LODEINFO, and NOOPDOOR.
The campaigns mounted by MirrorFace are categorized into three major operations, targeting a range of sectors including think tanks, government, and the semiconductor industry, by employing spear-phishing, vulnerability exploitation, and other sophisticated tactics.
The attacks have included a sophisticated method of execution where malicious payloads are stealthily activated in the Windows Sandbox, indicating a high level of operational security and technical prowess by the threat actor.
Collection
[
|
...
]