Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities
2022-12-15 13:58

A spear-phishing campaign targeting Japanese political establishments has been attributed to a Chinese-speaking advanced persistent threat actor codenamed MirrorFace.

The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential stealer named MirrorStealer.

A pair of reports from Kaspersky in November 2022 linked LODEINFO infections targeting media, diplomatic, governmental and public sector organizations, and think-tanks in Japan to Stone Panda.

"Once MirrorStealer had collected the credentials and stored them in %temp%31558.txt, the operator used LODEINFO to exfiltrate the credentials," Breitenbacher explained, since it "doesn't have the capability to exfiltrate the stolen data."

The attacks further made use of a second-stage LODEINFO malware that comes with capabilities to run portable executable binaries and shellcode.

"In Operation LiberalFace, it specifically targeted political entities using the then-upcoming House of Councillors election to its advantage."


News URL

https://thehackernews.com/2022/12/researchers-uncover-mirrorface-cyber.html