MirrorFace Strikes Again: Chinese Hackers Target Europe with Expo 2025 Lure!

MirrorFace, a Chinese APT actor and APT10 subgroup, has expanded its focus beyond Japan, targeting a Central European diplomatic institute in a campaign called Operation AkaiRyū. Using a mix of backdoors like Anel and HiddenFace, MirrorFace infiltrates systems with spearphishing emails, all while keeping a close watch on the upcoming Expo 2025.


Hot Take:

MirrorFace seems to be channeling their inner James Bond villain by targeting diplomatic institutes, and they’ve got all the cool gadgets, too! Who knew state-sponsored cyber espionage could be so… trendy?

Key Points:

  • MirrorFace, aka Earth Kasha, is targeting a Central European diplomatic institute in relation to Expo 2025.
  • The group is linked to the Chinese state-sponsored hacking group APT10.
  • New tactics and tools, including the Anel backdoor and customized AsyncRAT, have been observed.
  • MirrorFace’s campaign, Operation AkaiRyū, is their first known attack on a European entity.
  • Despite broader targeting, the focus remains on Japanese-related events.

The Nimble Nerd