Japanese authorities have attributed a systematic cyberattack campaign targeting Japan to the China-linked APT group MirrorFace. The campaign, which began in 2019, employed various tactics, including spear-phishing attacks and the exploitation of software vulnerabilities, to steal advanced tech and intelligence.
The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have revealed that a long-running cyber-espionage campaign targeting local entities has been linked to the China-linked APT group MirrorFace, also known as Earth Kasha. The campaign, which has been active since at least 2019, targets Japanese technology and national security, evolving methods to steal advanced tech and intelligence.
The MirrorFace group was first spotted by ESET in 2022, targeting Japanese political entities ahead of elections. Since then, the group has launched three cyber campaigns targeting Japanese think tanks, government, academia, and key industries. The campaigns have employed various tactics, including spear-phishing attacks, malware attachments, and software vulnerabilities in networking devices.
The most recent campaign, known as Campaign C, was launched in 2024 and used a new type of malware called ANEL, which was delivered via email links. This campaign targeted academia and think tanks, evolving the tactics employed by the group to include the use of Visual Studio Code (VS Code) tunnels to establish covert communication channels on compromised systems.
The China-linked APT group has been using two evasion methods in its campaigns: Visual Studio Code (VS Code) tunnels and Windows Sandbox. The VS Code tunnels allow the group to receive PowerShell command instructions, while the Windows Sandbox feature allows malware to run undetected within an isolated environment, evading antivirus detection.
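For defenders, both evasion methods leave traces in process-creation telemetry. The following is an added example, not taken from the NPA alert or this article: it scans constructed Sysmon-style events for a VS Code tunnel start, a shell spawned by that tunnel process, and a Windows Sandbox launch. The event field names, binary-name sets and rule names are assumptions made for illustration.

```python
import ntpath

# Constructed process-creation events (Sysmon Event ID 1 style); not real incident data.
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Users\a\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "cmdline": r'"Code.exe" --new-window report.md', "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-02", "image": r"C:\ProgramData\tools\code.exe",
     "cmdline": r"code.exe tunnel --accept-server-license-terms",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS-02", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile", "parent": r"C:\ProgramData\tools\code.exe"},
    {"host": "WS-03", "image": r"C:\Windows\System32\WindowsSandbox.exe",
     "cmdline": r"WindowsSandbox.exe C:\Users\Public\cfg.wsb",
     "parent": r"C:\Windows\System32\svchost.exe"},
]

# Assumed binary names; extend to match the builds deployed in your environment.
VSCODE_BINARIES = {"code.exe", "code-tunnel.exe", "code-insiders.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}


def _base(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path.strip('"')).lower()


def flag_events(events):
    """Return (host, rule) findings in event order."""
    findings = []
    tunnel_procs = set()  # (host, image path) pairs seen starting a tunnel
    for ev in events:
        image = _base(ev["image"])
        args = [t.strip('"').lower() for t in ev["cmdline"].split()[1:]]
        if image in VSCODE_BINARIES and "tunnel" in args:
            tunnel_procs.add((ev["host"], ev["image"].lower()))
            findings.append((ev["host"], "vscode_tunnel_started"))
        # Simplification: only a direct parent is checked; real process trees
        # may place intermediate processes between the tunnel and the shell.
        elif image in SHELLS and (ev["host"], ev["parent"].lower()) in tunnel_procs:
            findings.append((ev["host"], "shell_spawned_by_tunnel_process"))
        elif image == "windowssandbox.exe" or any(a.endswith(".wsb") for a in args):
            findings.append((ev["host"], "windows_sandbox_launched"))
    return findings


if __name__ == "__main__":
    for host, rule in flag_events(SAMPLE_EVENTS):
        print(host, rule)
```

Findings like these are starting points for triage, since developers may legitimately use both features; baselining which hosts are expected to run them keeps the noise down.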
The Japanese authorities have attributed the campaign to MirrorFace, citing analysis by the NPA Cyber Special Investigation Division, the Metropolitan Police Department, and prefectural police departments. The report published by NPA states that these campaigns are systematic cyberattacks linked to China, primarily aiming to steal information related to Japan's national security and advanced technologies.
The alert issued by Japan's NPA recommends that system administrators take the necessary precautions to protect their systems from similar attacks in the future. The incident highlights the ongoing efforts of China-linked APT groups to steal advanced technology and national security data, emphasizing the importance of vigilance and proactive measures for organizations and governments alike.