www.eset.com
2600:1408:c400:27::17da:daa5
Public Scan
Submitted URL: http://www.eset.com/int/about/newsroom/press-releases/research/chinese-speaking-mirrorface-targeted-a-japanese-polit...
Effective URL: https://www.eset.com/int/about/newsroom/press-releases/research/chinese-speaking-mirrorface-targeted-a-japanese-polit...
Submission: On July 22 via api from DE — Scanned from US
Form analysis
0 forms found in the DOM
Text Content
CHINESE-SPEAKING MIRRORFACE TARGETED A JAPANESE POLITICAL PARTY WITH ESPIONAGE AND CREDENTIAL-STEALING MALWARE AHEAD OF ELECTIONS, ESET RESEARCH UNCOVERS

Editor, 14 Dec 2022

* At the end of June 2022, MirrorFace launched Operation LiberalFace, which targeted Japanese political entities.
* Spearphishing email messages containing the group's flagship backdoor LODEINFO were sent to the targets.
* LODEINFO was used to deliver additional malware, exfiltrate the victims’ credentials, and steal the victims’ documents and emails.
* A previously undescribed credential stealer we have named MirrorStealer was used in Operation LiberalFace.
* MirrorFace is a Chinese-speaking APT group targeting companies and organizations based in Japan.

BRATISLAVA, BRNO — December 14, 2022 — ESET researchers discovered a spearphishing campaign, launched in the weeks leading up to the Japanese House of Councillors elections in July 2022, by the APT group that ESET Research tracks as MirrorFace. The investigation into the campaign, which ESET Research has named Operation LiberalFace and which targeted Japanese political entities, revealed that the members of a specific Japanese political party were of particular focus in this campaign. The spearphishing email messages contained the group's flagship backdoor LODEINFO, which was used to deliver additional malware, exfiltrate the victims’ credentials, and steal the victims’ documents and emails. MirrorFace is a Chinese-speaking threat actor with targets based in Japan.

Purporting to be a Japanese political party’s PR department, MirrorFace asked the email recipients to distribute the attached videos on their own social media profiles to further strengthen the party’s PR and to secure victory in the House of Councillors. Furthermore, the email provides clear instructions on the videos’ publication strategy. The email was purportedly sent on behalf of a prominent politician. All spearphishing messages contained a malicious attachment that upon execution deployed LODEINFO on the compromised machine. MirrorFace started the attack on June 29, 2022, ahead of the Japanese elections in July.

LODEINFO is a MirrorFace backdoor that is under continual development. Its functionality includes capturing screenshots, keylogging, killing processes, exfiltrating files, executing additional files, and encrypting defined files and folders. The attack used a previously undocumented credential stealer that ESET Research has named MirrorStealer. It is able to steal credentials from various applications, such as browsers and email clients.

“During the Operation LiberalFace investigation, we managed to uncover further MirrorFace tactics, techniques, and procedures, such as the deployment and utilization of additional malware and tools to collect and exfiltrate valuable data from victims. Moreover, our investigation revealed that the MirrorFace operators are somewhat careless, leaving traces and making various mistakes,” says ESET researcher Dominik Breitenbacher, who discovered the campaign.

MirrorFace is a Chinese-speaking threat actor targeting companies and organizations based in Japan. While there is some speculation that this threat actor might be related to APT10, ESET is unable to link it with any known APT group. Therefore, ESET is tracking it as a separate entity named MirrorFace. In particular, MirrorFace and LODEINFO, its proprietary malware used exclusively against targets in Japan, have been reported as targeting media, defense-related companies, think tanks, diplomatic organizations, and academic institutions. The goal of MirrorFace is espionage and exfiltration of files of interest.

For more technical information about Operation LiberalFace by the MirrorFace APT group, check out the blog post “Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities” on WeLiveSecurity.
Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About ESET

For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure, and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centers worldwide, working in support of our shared future. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.