Japan Links Over 200 Cyberattacks to China-Backed MirrorFace Group

Authorities reveal a five-year campaign targeting national security and advanced technology sectors with sophisticated malware and phishing tactics.

Japan's National Police Agency and cybersecurity authorities attributed over 200 cyberattacks since 2019 to the Chinese state-backed hacking group MirrorFace.
The attacks targeted government agencies, politicians, journalists, think tanks, and industries such as aerospace, semiconductors, and manufacturing.
Three distinct campaigns were identified, involving phishing emails, exploitation of software vulnerabilities, and advanced evasion techniques like Windows Sandbox and VSCode tunnels.
Malware strains like LODEINFO, ANEL, and NOOPDOOR were used to steal sensitive data and maintain persistent access to compromised systems.
Japanese authorities have urged organizations to strengthen defenses, highlighting the country's ongoing cybersecurity vulnerabilities and the need for enhanced preventive measures.