CHINESE-SPEAKING MIRRORFACE TARGETED A JAPANESE POLITICAL PARTY WITH ESPIONAGE
AND CREDENTIAL-STEALING MALWARE AHEAD OF ELECTIONS, ESET RESEARCH UNCOVERS

Editor, 14 Dec 2022

 * At the end of June 2022, MirrorFace launched Operation LiberalFace, which
   targeted Japanese political entities.
 * Spearphishing email messages containing the group's flagship backdoor
   LODEINFO were sent to the targets.
 * LODEINFO was used to deliver additional malware, exfiltrate the victims’
   credentials, and steal the victims’ documents and emails.
 * A previously undescribed credential stealer we have named MirrorStealer was
   used in Operation LiberalFace.
 * MirrorFace is a Chinese-speaking APT group targeting companies and
   organizations based in Japan.


 
BRATISLAVA, BRNO — December 14, 2022 — ESET researchers discovered a
spearphishing campaign, launched in the weeks leading up to the Japanese House
of Councillors elections in July 2022, by the APT group that ESET Research
tracks as MirrorFace. The investigation into the campaign, which ESET Research
has named Operation LiberalFace and which targeted Japanese political entities,
revealed that the members of a specific Japanese political party were of
particular focus in this campaign. The spearphishing email messages contained
the group's flagship backdoor LODEINFO, which was used to deliver additional
malware, exfiltrate the victims’ credentials, and steal the victims’ documents
and emails. MirrorFace is a Chinese-speaking threat actor with targets based in
Japan.

Purporting to be a Japanese political party’s PR department, MirrorFace asked
the email recipients to distribute the attached videos on their own social media
profiles to further strengthen the party’s PR and to secure victory in the House
of Councillors. Furthermore, the email provides clear instructions on the
videos’ publication strategy. The email was purportedly sent on behalf of a
prominent politician. All spearphishing messages contained a malicious
attachment that upon execution deployed LODEINFO on the compromised machine.
MirrorFace started the attack on June 29, 2022, ahead of the Japanese elections
in July.

LODEINFO is a MirrorFace backdoor that is under continual development. Its
functionality includes capturing screenshots, keylogging, killing processes,
exfiltrating files, executing additional files, and encrypting defined files and
folders. The attack used a previously undocumented credential stealer that ESET
Research has named MirrorStealer. It is able to steal credentials from various
applications, such as browsers and email clients.

“During the Operation LiberalFace investigation, we managed to uncover further
MirrorFace tactics, techniques, and procedures, such as the deployment and
utilization of additional malware and tools to collect and exfiltrate valuable
data from victims. Moreover, our investigation revealed that the MirrorFace
operators are somewhat careless, leaving traces and making various mistakes,”
says ESET researcher Dominik Breitenbacher, who discovered the campaign.

MirrorFace is a Chinese-speaking threat actor targeting companies and
organizations based in Japan. While there is some speculation that this threat
actor might be related to APT10, ESET is unable to link it with any known APT
group. Therefore, ESET is tracking it as a separate entity named MirrorFace. In
particular, MirrorFace and LODEINFO, its proprietary malware used exclusively
against targets in Japan, have been reported as targeting media, defense-related
companies, think tanks, diplomatic organizations, and academic institutions. The
goal of MirrorFace is espionage and exfiltration of files of interest.

For more technical information about Operation LiberalFace by the MirrorFace APT
group, check out the blog post “Unmasking MirrorFace: Operation LiberalFace
targeting Japanese political entities” on WeLiveSecurity. Make sure to follow
ESET Research on Twitter for the latest news from ESET Research.

About ESET
For more than 30 years, ESET® has been developing industry-leading IT security
software and services to protect businesses, critical infrastructure, and
consumers worldwide from increasingly sophisticated digital threats. From
endpoint and mobile security to endpoint detection and response, as well as
encryption and multifactor authentication, ESET’s high-performing, easy-to-use
solutions unobtrusively protect and monitor 24/7, updating defenses in real time
to keep users safe and businesses running without interruption. Evolving threats
require an evolving IT security company that enables the safe use of technology.
This is backed by ESET’s R&D centers worldwide, working in support of our shared
future. For more information, visit www.eset.com or follow us on LinkedIn,
Facebook, and Twitter.
