China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

Summary: A recent malware campaign by the China-aligned MirrorFace threat actor has targeted a Central European diplomatic organization, employing a backdoor known as ANEL. The campaign, called Operation AkaiRyū, marks a notable shift as it extends beyond the group’s usual focus on Japanese entities. Enhanced operational security measures have complicated the incident investigation, reflecting the evolved tactics of this cyber threat group.

Affected: Central European diplomatic organization

Key points:

  • Operation AkaiRyū targets a European diplomatic institute with World Expo-related lures.
  • MirrorFace has transitioned from using the LODEINFO backdoor to the ANEL backdoor, previously linked to APT10.
  • The attack employs advanced tactics, including spear-phishing and DLL side-loading to deploy malware.
  • Improved operational security measures by MirrorFace hinder incident investigations.

Source: https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html