CIO News Hubb

Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities

December 15, 2022


Dec 15, 2022Ravie LakshmananAdvanced Persistent Threat

A Chinese-speaking advanced persistent threat (APT) actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments.

The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential stealer named MirrorStealer.

The Slovak cybersecurity company said the campaign was launched a little over a week prior to the Japanese House of Councillors election that took place on July 10, 2022.

“LODEINFO was used to deliver additional malware, exfiltrate the victim’s credentials, and steal the victim’s documents and emails,” ESET researcher Dominik Breitenbacher said in a technical report published Wednesday.

MirrorFace is said to share overlaps with another threat actor tracked as APT10 (aka Bronze Riverside, Cicada, Earth Tengshe, Stone Panda, and Potassium) and has a history of striking companies and organizations based in Japan.

Indeed, a pair of reports from Kaspersky in November 2022 linked LODEINFO infections targeting media, diplomatic, governmental and public sector organizations, and think-tanks in Japan to Stone Panda.

ESET, however, said it hasn’t found evidence to tie the attacks to a previously known APT group, instead tracking it as a standalone entity. It also described LODEINFO as a “flagship backdoor” exclusively used by MirrorFace.

The spear-phishing emails, sent on June 29, 2022, purported to be from the political party’s PR department, urging the recipients to share the attached videos on their own social media profiles to “secure victory” in the elections.

However, the videos were self-extracting WinRAR archives designed to deploy LODEINFO on the compromised machine, allowing for taking screenshots, logging keystrokes, killing processes, exfiltrating files, and executing additional files and commands.
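
A mail-gateway style content check for the lure described above, where an attachment presented as a video is in fact a Windows executable carrying a RAR archive. This is an added example, not code from the article or from ESET; the function names are hypothetical and the sample bytes are constructed for illustration.

```python
import struct

# RAR archive markers: RAR 4.x and RAR 5.x
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

def is_pe(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_rar_offset(data: bytes) -> int:
    """Offset of the first embedded RAR marker, or -1 if none is present."""
    hits = [off for off in (data.find(m) for m in RAR_MAGICS) if off >= 0]
    return min(hits) if hits else -1

def classify_attachment(data: bytes) -> str:
    """Classify by content, ignoring the file name and the sender's description."""
    if is_pe(data):
        # Heuristic: a PE file with a RAR marker after its header is treated
        # as a self-extracting archive. Either PE verdict contradicts "video".
        return "pe-rar-sfx" if find_rar_offset(data) > 0 else "pe"
    if data[4:8] == b"ftyp":  # ISO base media (MP4/MOV) file type box
        return "mp4"
    return "unknown"

def should_quarantine(data: bytes) -> bool:
    """An attachment announced as a video must not be executable content."""
    return classify_attachment(data).startswith("pe")

# Constructed samples (not real malware): a minimal PE header stub,
# the same stub followed by a RAR 5.x marker, and an MP4 file header.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 32
SAMPLE_SFX = PE_STUB + RAR_MAGICS[1] + b"constructed-payload"
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16

if __name__ == "__main__":
    for label, blob in (("sfx", SAMPLE_SFX), ("pe", PE_STUB), ("mp4", SAMPLE_MP4)):
        print(label, classify_attachment(blob), should_quarantine(blob))
```
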

Also delivered was the MirrorStealer credential grabber that’s capable of plundering passwords from browsers and email clients like Becky!, which is primarily used in Japan.

“Once MirrorStealer had collected the credentials and stored them in %temp%\31558.txt, the operator used LODEINFO to exfiltrate the credentials,” Breitenbacher explained, since it “doesn’t have the capability to exfiltrate the stolen data.”

The attacks further made use of a second-stage LODEINFO malware that comes with capabilities to run portable executable binaries and shellcode.

“MirrorFace continues to aim for high-value targets in Japan,” ESET said. “In Operation LiberalFace, it specifically targeted political entities using the then-upcoming House of Councillors election to its advantage.”

© 2022 CIO News Hubb All rights reserved.