Security News > 2022 > December > Hackers target Japanese politicians with new MirrorStealer malware

Hackers target Japanese politicians with new MirrorStealer malware
2022-12-15 07:36

A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named 'MirrorStealer.

The hackers deployed the new information-stealing malware along with the group's signature backdoor, LODEINFO, which communicated with a C2 server known to belong to APT10 infrastructure.

APT10 used LODEINFO to deploy MirrorStealer on compromised systems.

All stolen credentials are stored in a txt file in the TEMP directory and then wait for LODEINFO to send them to the C2, as MirrorStealer does not support data exfiltration on its own.

ESET's analysts observed LODEINFO conveying commands to load MirrorStealer on the memory of the breached system, injecting it into a newly spawned cmd.

There are signs that the remote operator attempted to exfiltrate browser cookies using MirrorStealer, but reverted to using LODEINFO for this action, as the new info-stealer does not support this function.


News URL

https://www.bleepingcomputer.com/news/security/hackers-target-japanese-politicians-with-new-mirrorstealer-malware/