Tech

MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan

3 Min Read
Cyberattacks on Japan

Japan’s Nationwide Police Company (NPA) and Nationwide Heart of Incident Readiness and Technique for Cybersecurity (NCSC) accused a China-linked risk actor named MirrorFace of orchestrating a persistent assault marketing campaign concentrating on organizations, companies, and people within the nation since 2019.

The first goal of the assault marketing campaign is to steal data associated to Japan’s nationwide safety and superior know-how, the businesses stated.

MirrorFace, additionally tracked as Earth Kasha, is assessed to be a sub-group inside APT10. It has a monitor file of systematically hanging Japanese entities, usually leveraging instruments like ANEL, LODEINFO, and NOOPDOOR (aka HiddenFace).

Final month, Pattern Micro revealed particulars of a spear-phishing marketing campaign that focused people and organizations in Japan with an purpose to ship ANEL and NOOPDOOR. Different campaigns noticed lately have additionally been directed in opposition to Taiwan and India.

In accordance with NPA and NCSC, assaults mounted by MirrorFace have been broadly categorized into three main campaigns –

  • Marketing campaign A (From December 2019 to July 2023), concentrating on assume tanks, governments, politicians, and media organizations utilizing spear-phishing emails to ship LODEINFO, NOOPDOOR, and LilimRAT (a customized model of the open-source Lilith RAT)
  • Marketing campaign B (From February to October 2023), concentrating on semiconductor, manufacturing, communications, tutorial, and aerospace sectors by exploiting identified vulnerabilities in internet-facing Array Networks, Citrix, and Fortinet units to breach networks to ship Cobalt Strike Beacon, LODEINFO, and NOOPDOOR
  • Marketing campaign C (From June 2024), concentrating on academia, assume tanks, politicians, and media organizations utilizing spear-phishing emails to ship ANEL.

The businesses additionally famous that they noticed situations the place the attackers stealthily executed the malicious payloads saved on the host pc throughout the Home windows Sandbox and have communicated with a command-and-control server since no less than June 2023.

“This technique permits malware to be executed with out being monitored by antivirus software program or EDR on the host pc, and when the host pc is shut down or restarted, traces within the Home windows Sandbox are erased, so proof will not be left behind,” the NPA and NCSC stated.

You Might Also Like

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

Estimating Facial Attractiveness Prediction for Livestreams

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Anthropic Just Became America’s Most Intriguing AI Company

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

TAGGED: ,
Share This Article
Previous Article Hall de la Standard Chartered Bank Standard Chartered launches crypto custody entity in Luxembourg under MiCA
Leave a comment

Latest News

Hall de la Standard Chartered Bank
Standard Chartered launches crypto custody entity in Luxembourg under MiCA
Crypto
If I put £20k into a FTSE 100 tracker fund, I'd get this as a second income
I asked ChatGPT to pick me the best passive income stock. Here’s the result!
Business
Solaxy Raises $9.3M – Could this Be The Next Altcoin to Explode in 2025?
Solaxy Raises $9.3M – Could this Be The Next Altcoin to Explode in 2025?
Political
UK freezes assets of extreme-right group Blood and Honour for alleged terrorism
UK freezes assets of extreme-right group Blood and Honour for alleged terrorism
World
Solv Protocol introduces Bitcoin staking on Base with cbBTC token
Oklahoma senator files Bitcoin Freedom Act enabling wages in BTC
Crypto
The First Descendant Trailer Teases Ines and Her Electrical Abilities
The First Descendant Trailer Teases Ines and Her Electrical Abilities
Gaming
Register Lost your password?