MirrorFace Strikes Again: Sneaky Phishing Campaign Targets Japan with Old Tricks and New Twists
MirrorFace, a China-linked threat actor, is back with a new spear-phishing campaign targeting Japan. This time, they’re reviving the ANEL backdoor, last seen in 2018, to infiltrate targets using Microsoft OneDrive links. The focus? Japan’s national security and U.S.-China relations. Stay skeptical of interview requests bearing ZIP archives!

Hot Take:
MirrorFace is back in action, and it seems like they’ve been binge-watching “Back to the Future.” Their latest spear-phishing campaign is a blast from the past, bringing back the ANEL backdoor like it’s some sort of vintage collector’s item. Just when you thought it was safe to download that shady OneDrive link, they’ve made sure to keep us on our toes with a little cyber déjà vu.
Key Points:
- MirrorFace, a Chinese threat actor linked to APT10, is targeting Japan with a new spear-phishing campaign.
- The campaign features backdoors NOOPDOOR and ANEL, the latter of which has resurfaced from its 2018 retirement.
- MirrorFace’s strategy has shifted from exploiting device flaws to using spear-phishing, focusing on individuals.
- This campaign uses malicious OneDrive links to distribute booby-trapped ZIP archives with various infection vectors.
- Targets are mainly individuals like researchers, making traditional enterprise defenses less effective.