"Chinese MirrorFace APT Group Targets Japanese Political Entities"

Researchers at ESET recently uncovered a spear-phishing campaign aimed at Japanese political entities and linked it to the Chinese-speaking Advanced Persistent Threat (APT) group called MirrorFace. The researchers monitored the campaign dubbed Operation LiberalFace, targeting Japanese political entities in a particular political party. The spear-phishing messages were used to deliver the LODEINFO backdoor, which is an implant used to drop additional payloads and exfiltrate sensitive data from the victims' systems. The researchers also shared details on the deployment of a previously unknown credential stealer named MirrorStealer. One of the spear-phishing messages examined by the researchers appeared to be an official communication from the Public Relations department of a certain Japanese political party. The email contained a request for the House of Councillors elections, with an attachment that, when executed, installed the LODEINFO malware. The email encouraged recipients to post the linked films on their own social media pages. This article continues to discuss the MirrorFace APT group targeting Japanese political entities.  

Security Affairs reports "Chinese MirrorFace APT Group Targets Japanese Political Entities"