• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
researchers uncover mirrorface cyber attacks targeting japanese political entities

Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities

You are here: Home / General Cyber Security News / Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities
December 15, 2022

A Chinese-talking state-of-the-art persistent threat (APT) actor codenamed MirrorFace has been attributed to a spear-phishing marketing campaign concentrating on Japanese political institutions.

The action, dubbed Procedure LiberalFace by ESET, particularly concentrated on users of an unnamed political party in the nation with the intention of providing an implant termed LODEINFO and a hitherto unseen credential stealer named MirrorStealer.

The Slovak cybersecurity firm explained the marketing campaign was introduced a minimal more than a 7 days prior to the Japanese House of Councillors election that took position on July 10, 2022.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“LODEINFO was used to produce further malware, exfiltrate the victim’s credentials, and steal the victim’s files and e-mail,” ESET researcher Dominik Breitenbacher mentioned in a technical report printed Wednesday.

CyberSecurity

MirrorFace is said to share overlaps with yet another danger actor tracked as APT10 (aka Bronze Riverside, Cicada, Earth Tengshe, Stone Panda, and Potassium) and has a historical past of striking corporations and companies primarily based in Japan.

Without a doubt, a pair of studies from Kaspersky in November 2022 connected LODEINFO infections targeting media, diplomatic, governmental and community sector companies, and believe-tanks in Japan to Stone Panda.

MirrorFace Cyber Attacks

ESET, on the other hand, said it hasn’t discovered evidence to tie the attacks to a earlier identified APT group, insteading monitoring it as a standalone entity. It also described LODEINFO as a “flagship backdoor” exclusively used by MirrorFace.

The spear-phishing e-mails, despatched on June 29, 2022, purported to be from the political party’s PR department, urging the recipients to share the hooked up videos on their possess social media profiles to “protected victory” in the elections.

Nonetheless, the videos ended up self-extracting WinRAR archives developed to deploy LODEINFO on the compromised equipment, allowing for using screenshots, logging keystrokes, killing procedures, exfiltrating data files, and executing supplemental files and instructions.

Also delivered was the MirrorStealer credential grabber that is capable of plundering passwords from browsers and email clients like Becky!, which is largely made use of in Japan.

“When MirrorStealer had collected the qualifications and saved them in %temp%31558.txt, the operator utilised LODEINFO to exfiltrate the qualifications,” Breitenbacher discussed, considering that it “won’t have the functionality to exfiltrate the stolen info.”

The attacks further produced use of a next-phase LODEINFO malware that comes with capabilities to operate portable executable binaries and shellcode.

“MirrorFace proceeds to goal for superior-benefit targets in Japan,” ESET explained. “In Operation LiberalFace, it precisely targeted political entities making use of the then-upcoming House of Councillors election to its edge.”

Observed this report attention-grabbing? Adhere to us on Twitter  and LinkedIn to study additional distinctive written content we write-up.


Some sections of this post are sourced from:
thehackernews.com

Previous Post: «microsoft reclassifies spnego extended negotiation security vulnerability as critical rce Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as Critical RCE
Next Post: Loan Scam Campaign ‘MoneyMonger’ Exploits Flutter to Hide Malware Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.