MirrorFace hackers targeting Japanese govt, politicians since 2019

Summary: A cyber-espionage campaign linked to the Chinese state-backed hacking group “MirrorFace” has been targeting Japan since 2019, aiming to steal advanced technology and national security intelligence. The campaign has evolved through distinct phases, employing various attack methods and malware to infiltrate government and technology sectors.

Threat Actor: MirrorFace
Victim: Japan

Key Points:

  • The campaign has three distinct phases targeting think tanks, government entities, and the technology sector.
  • MirrorFace exploits vulnerabilities in networking equipment and uses various malware families for data exfiltration.
  • Two evasion techniques are used: Visual Studio Code tunnels for command execution and Windows Sandbox to bypass antivirus detection.
  • The NPA recommends monitoring for suspicious PowerShell logs and unauthorized communications to detect these threats.
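
An added example, not taken from the article or the NPA advisory: a small Python triage pass for the monitoring recommended above, flagging VS Code tunnel and Windows Sandbox activity in endpoint and DNS records. The record fields (`host`, `cmdline`, `dns`, `powershell`), the sample events and the match patterns are assumptions based on how these two features are normally started, not indicators published in the source.

```python
import re

# Assumption: patterns reflect normal invocation of the two features;
# they are not indicators published in the article.
RULES = {
    "vscode_tunnel": [
        # VS Code CLI started in tunnel mode
        ("cmdline", re.compile(r'\bcode(-tunnel)?(\.exe)?"?\s+tunnel\b', re.I)),
        # Relay domains used by VS Code remote tunnels
        ("dns", re.compile(r"(\.tunnels\.api\.visualstudio\.com|\.devtunnels\.ms)\.?$", re.I)),
    ],
    "windows_sandbox": [
        # Sandbox launcher or a .wsb configuration file on the command line
        ("cmdline", re.compile(r"WindowsSandbox(Client)?\.exe|\.wsb\b", re.I)),
        # Sandbox feature being switched on from PowerShell
        ("powershell", re.compile(
            r"Enable-WindowsOptionalFeature.*Containers-DisposableClientVM", re.I)),
    ],
}

# Constructed sample records (hypothetical schema: one observed field per event).
SAMPLE_EVENTS = [
    {"host": "ws-01", "cmdline": r"C:\Users\Public\code.exe tunnel --accept-server-license-terms"},
    {"host": "ws-01", "dns": "global.rel.tunnels.api.visualstudio.com"},
    {"host": "ws-02", "powershell": "Enable-WindowsOptionalFeature -Online "
                                    "-FeatureName Containers-DisposableClientVM -All"},
    {"host": "ws-02", "cmdline": r"C:\Windows\System32\WindowsSandbox.exe C:\ProgramData\cfg.wsb"},
    {"host": "ws-03", "cmdline": r"C:\Program Files\Microsoft VS Code\Code.exe C:\src\project"},
    {"host": "ws-03", "dns": "update.code.visualstudio.com"},
]

def triage(events):
    """Return (host, rule, field) for every event field that matches a rule."""
    hits = []
    for ev in events:
        for rule, checks in RULES.items():
            for field, rx in checks:
                if rx.search(ev.get(field, "")):
                    hits.append((ev["host"], rule, field))
    return hits

if __name__ == "__main__":
    for host, rule, field in triage(SAMPLE_EVENTS):
        print(f"{host}: {rule} (matched on {field})")
```

Hosts where developers legitimately use either feature will also match, so hits are leads to review against an allowlist rather than verdicts.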

Source: https://www.bleepingcomputer.com/news/security/mirrorface-hackers-targeting-japanese-govt-politicians-since-2019/