FlagThis

Japan's National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) have issued a warning about a prolonged cyber-attack campaign against organizations, businesses, and individuals in Japan since 2019. The attacks are attributed to the Chinese cyber espionage group known as MirrorFace, also called Earth Kasha, which is believed to be a subgroup of APT10. This group aims to steal sensitive information related to Japan’s national security and advanced technologies. The group has been seen targeting a wide range of sectors, including government bodies, defense, aerospace, semiconductor, communications, research organizations and the media.

MirrorFace has conducted several campaigns, including spear-phishing emails with malware attachments, exploiting VPN vulnerabilities, and using advanced techniques like abusing Windows Sandbox for malware execution and leveraging Visual Studio Code's development tunnels for stealthy remote control. The group deploys tools such as LODEINFO, ANEL, LilimRAT, NOOPDOOR and Cobalt Strike Beacon. The NPA has linked MirrorFace to over 200 cyber incidents in the past five years. Authorities have raised concerns about the sophisticated techniques and the focus on infiltrating Japanese national security and advanced technology sectors, and are working to mitigate the risks.

ImgSrc: securityonline.

References :

• : National Police Agency (Japan): (Japanese language) See parent toot above. The National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity have assessed that a cyber attack campaign against organizations, businesses and individuals in Japan from around 2019 to the present has been carried out by a cyber attack group called "MirrorFace" (also known as "Earth Kasha").
• securityonline.info: MirrorFace: Unmasking the Chinese Cyber Espionage Group Targeting Japan
• ciso2ciso.com: Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFace – Source: www.infosecurity-magazine.com
• The Hacker News: MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan
• ciso2ciso.com: Japanese police claim China ran five-year cyberattack campaign targeting local orgs – Source: go.theregister.com
• www.npa.go.jp: National Police Agency (Japan): (Japanese language) See parent toot above.
• Techmeme: Japan says Chinese hacking group MirrorFace is linked to 200+ cyberattacks from 2019 to 2024 targeting the country's national security and advanced tech data (Mari Yamaguchi/Associated Press)
• ciso2ciso.com: Chinese APT Group Is Ransacking Japan’s Secrets – Source: www.darkreading.com
• ciso2ciso.com: Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFace – Source: www.infosecurity-magazine.com
• www.scworld.com: Years-long hacking spree against Japan linked to Chinese hackers
• ciso2ciso.com: Japanese police claim China ran five-year cyberattack campaign targeting local orgs – Source: go.theregister.com
• Pyrzout :vm:: Japanese police claim China ran five-year cyberattack campaign targeting local orgs
• Latest from TechRadar: Japan says Chinese hackers have launched hundreds of attacks against targets in the country | Hacking group ‘MirrorFace’ accused of hitting dozens of targets
• securityaffairs.com: Japanese authorities attribute a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace.

Classification:

• HashTags: #MirrorFace #CyberEspionage #ChinaAPT
• Company: Japanese Government
• Target: Japan
• Attacker: MirrorFace
• Feature: Cyber Espionage
• Malware: ANEL, NOOPDOOR
• Type: Espionage
• Severity: Major