Chinese hacking gang MirrorFace, also known as Earth Kasha, compromised a Central European diplomatic entity with the ANEL backdoor and a custom AsyncRAT payload in August as part of the Operation AkaiRyū cyberespionage campaign, according to The Hacker News. The intrusion indicates expanded targeting for the APT10-linked group, which has primarily targeted Japanese organizations.
Malicious spear-phishing emails with trojanized documents have been leveraged by MirrorFace to facilitate the execution of ANEL — which represents a shift from LODEINFO that has been used by the group during the past year — as well as the HiddenFace backdoor, also known as NOOPDOOR, a report from ESET revealed.
Additional findings showed that Operation AkaiRyū has significant similarities with the recent attack campaign that Japan's National Police Agency and National Center of Incident Readiness and Strategy for Cybersecurity reported as having targeted various organizations across the country since June 2024.
However, MirrorFace's strengthened operational security has hampered intelligence gathering regarding its recent activities, said ESET.