China-linked hackers tasked with Japanese targets pursue them through Europe

Avatar

MirrorFace, a hacking group that researchers believe is aligned with China, has been spotted targeting a diplomatic organization in the European Union for the first time.

The Slovak cybersecurity company ESET described the incident on Thursday in its latest quarterly report, noting the move marks an expansion in the threat group’s range of targets which have historically been restricted to entities in Japan.

Although the identity of the target diplomatic organization wasn’t disclosed, the lure document in the spearphishing email maintained a Japanese theme, encouraging the target to download a document titled “The EXPO Exhibition in Japan in 2025.”

“Even considering this new geographic targeting, MirrorFace remains focused on Japan and events related to it,” reported ESET.

It follows Japanese authorities warning in July of an expansion in activities linked to MirrorFace. While the hackers focused initially on gaining access to “media, political organizations, think-tanks and universities” in the country, they were increasingly also including “manufacturers and research institutions.”

ESET wrote: “MirrorFace operations against its usual targets didn’t stop. We continued to see the threat actor targeting various Japanese organizations, such as a research institute and a political party.”

Alleged targeting of Japanese institutions by China-linked threat groups has increased in recent years. Last August, Japan’s own cybersecurity agency announced that it itself had been hacked, with the attackers potentially accessing sensitive data for nine months before being discovered.

Japan did not publicly attribute the incident to a specific threat actor. However, a report by the Financial Times, citing three government and private sector sources familiar with the situation, said that state-backed Chinese hackers were suspected of being behind the attack.

That followed a report by the Washington Post that the U.S. National Security Agency discovered Chinese military hackers had compromised Japan’s defense networks back in 2020, described as “one of the most damaging hacks” in Japan’s history.

CybercrimeChinaNation-stateNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

North Korea allegedly targeting crypto businesses with Mac-focused malware

Related Posts

THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 16-22)

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean
Avatar
Read More