MirrorFace, also known as Earth Kasha, is a China-linked cyber threat actor responsible for a prolonged campaign of cyber-attacks targeting Japanese organizations and individuals since 2019. Identified by Japan’s National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC), MirrorFace is believed to be a subgroup of the Chinese state-sponsored hacking collective APT10.
Key Facts About MirrorFace Attacks:
- Purpose: These cyber-attacks aimed to steal sensitive information related to Japan’s national security and advanced technologies.
- Techniques Used:
  - Deployment of sophisticated malware like ANEL, LODEINFO, and NOOPDOOR.
  - Exploitation of vulnerabilities in network devices.
  - Use of phishing emails with themes like “Japan-US alliance” and “Taiwan Strait” to lure victims.
  - Advanced methods like executing malware in the Windows Sandbox to evade detection.
Timeline of Major Campaigns:
- 2019–2023: Targeted government agencies, think tanks, politicians, and media using spear-phishing emails with malware.
- 2023: Attacked sectors like semiconductors, aerospace, and academia by exploiting network vulnerabilities.
- 2024 Onwards: Resumed targeting think tanks and politicians using advanced malware techniques.
Notable Incidents:
- Cyber-attack on Japan Aerospace Exploration Agency (JAXA).
- Ransomware attack on the Port of Nagoya in 2023, disrupting operations.
Response and Awareness:
Japan’s NPA has linked MirrorFace to over 200 cyber incidents in five years, emphasizing the need for robust cybersecurity measures. The agency urges targeted organizations to adopt better defenses to prevent further damage and safeguard sensitive information.
MirrorFace highlights the ongoing cyber threats posed by state-sponsored actors, making international collaboration and vigilance critical to combating these risks.
A similar incident made news headlines a few months ago:
Salt Typhoon, a sophisticated cyber espionage group linked to China’s Ministry of State Security (MSS), has launched significant hacking campaigns, primarily targeting counterintelligence efforts and intellectual property in the United States. Their operations have also affected numerous organizations across the globe.
Reference: Infosecurity