MirrorFace Strikes Again: ROAMINGMOUSE Malware Escalates Cyber Espionage in Japan and Taiwan
MirrorFace is back and they’re not here to make friends. Armed with ROAMINGMOUSE malware, this hacker group is spear-phishing their way into government agencies in Japan and Taiwan. Their goal? Information theft for strategic gain. It’s a cyber espionage campaign that proves hackers aren’t just playing mouse and cat games anymore.

Hot Take:
Why did the cybercriminal cross the sea? To get to the government agency on the other side! The elusive MirrorFace is back at it again, proving that not even a pandemic can slow down their espionage ambitions. With a playbook straight out of a cyber-thriller, they’re dropping ROAMINGMOUSE like it’s hot, and governments in Japan and Taiwan are scrambling to keep their secrets locked tighter than a clam with a trust fund. Because nothing says “I love international intrigue” quite like a malware-laced Excel document, am I right?

Key Points:
– MirrorFace, a nation-state threat actor, targeted Japanese and Taiwanese government entities with ROAMINGMOUSE malware.
– The attack utilized spear-phishing emails containing Microsoft OneDrive URLs leading to malware-laden ZIP files.
– The campaign introduced a new command in the ANEL malware to execute BOFs (Beacon Object Files) in memory.
– Earth Kasha, a China-aligned group linked to APT10, continues its cyber espionage campaign focusing on strategic information theft.
– The use of SharpHide to launch the NOOPDOOR backdoor highlights the group’s evolving tactics in concealing its activities.