A Chinese-speaking advanced persistent threat (APT) actor codenamed MirrorFace has been linked to a spear-phishing campaign targeting Japanese political establishments.
The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential stealer named MirrorStealer.
The Slovak cybersecurity company said the campaign was launched a little over a week prior to the Japanese House of Councillors election that took place on July 10, 2022.
“LODEINFO was used to deliver additional malware, exfiltrate the victim’s credentials, and steal the victim’s documents and emails,” ESET researcher Dominik Breitenbacher said in a technical report published Wednesday.
MirrorFace is said to share overlaps with another threat actor tracked as APT10 (aka Bronze Riverside, Cicada, Earth Tengshe, Stone Panda, and Potassium) and has a history of striking companies and organizations based in Japan.