Summary: Japanese authorities have issued a warning about a sophisticated cyber-espionage campaign named “MirrorFace,” attributed to a Chinese state-backed threat actor, aimed at stealing technology and national security secrets. The campaign has evolved since its inception in 2019, employing various tactics including phishing and exploiting vulnerabilities in network devices.
Threat Actor: MirrorFace | MirrorFace
Victim: Japanese Organizations | Japanese Organizations
Key Point :
- MirrorFace has been active since 2019, initially using phishing campaigns to target think tanks, governments, and politicians.
- In 2023, the group shifted focus to exploiting vulnerabilities in network devices across various sectors, including healthcare and manufacturing.
- Recent tactics include SQL injection attacks and basic phishing against media and political figures.
- MirrorFace is believed to operate as a cyber-warfare unit of the People’s Liberation Army (PLA).
- The rise in APT activity is expected amid increasing geopolitical tensions, particularly involving nation-state actors.
Source: https://www.darkreading.com/cyberattacks-data-breaches/chinese-apt-group-ransacking-japans-secrets