Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities

December 15, 2022


Dec 15, 2022Ravie LakshmananAdvanced Persistent Threat

A Chinese-speaking advanced persistent threat (APT) actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments.

The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential stealer named MirrorStealer.

The Slovak cybersecurity company said the campaign was launched a little over a week prior to the Japanese House of Councillors election that took place on July 10, 2022.

“LODEINFO was used to deliver additional malware, exfiltrate the victim’s credentials, and steal the victim’s documents and emails,” ESET researcher Dominik Breitenbacher said in a technical report published Wednesday.

MirrorFace is said to share overlaps with another threat actor tracked as APT10 (aka Bronze Riverside, Cicada, Earth Tengshe, Stone Panda, and Potassium) and has a history of striking companies and organizations based in Japan.

Indeed, a pair of reports from Kaspersky in November 2022 linked LODEINFO infections targeting media, diplomatic, governmental and public sector organizations, and think-tanks in Japan to Stone Panda.

ESET, however, said it hasn’t found evidence to tie the attacks to a previously known APT group, instead tracking it as a standalone entity. It also described LODEINFO as a “flagship backdoor” exclusively used by MirrorFace.

The spear-phishing emails, sent on June 29, 2022, purported to be from the political party’s PR department, urging the recipients to share the attached videos on their own social media profiles to “secure victory” in the elections.

However, the videos were self-extracting WinRAR archives designed to deploy LODEINFO on the compromised machine, allowing for taking screenshots, logging keystrokes, killing processes, exfiltrating files, and executing additional files and commands.

Also delivered was the MirrorStealer credential grabber that’s capable of plundering passwords from browsers and email clients like Becky!, which is primarily used in Japan.

“Once MirrorStealer had collected the credentials and stored them in %temp%31558.txt, the operator used LODEINFO to exfiltrate the credentials,” Breitenbacher explained, since it “doesn’t have the capability to exfiltrate the stolen data.”

The attacks further made use of a second-stage LODEINFO malware that comes with capabilities to run portable executable binaries and shellcode.

“MirrorFace continues to aim for high-value targets in Japan,” ESET said. “In Operation LiberalFace, it specifically targeted political entities using the then-upcoming House of Councillors election to its advantage.”
