China-linked hackers tasked with Japanese targets pursue them through Europe

MirrorFace, a hacking group that researchers believe is aligned with China, has been spotted targeting a diplomatic organization in the European Union for the first time.

The Slovak cybersecurity company ESET described the incident on Thursday in its latest quarterly report, noting the move marks an expansion in the threat group’s range of targets, which have historically been restricted to entities in Japan.

Although the identity of the target diplomatic organization wasn’t disclosed, the lure document in the spearphishing email maintained a Japanese theme, encouraging the target to download a document titled “The EXPO Exhibition in Japan in 2025.”

“Even considering this new geographic targeting, MirrorFace remains focused on Japan and events related to it,” reported ESET.

It follows Japanese authorities warning in July of an expansion in activities linked to MirrorFace. While the hackers focused initially on gaining access to “media, political organizations, think-tanks and universities” in the country, they were increasingly also including “manufacturers and research institutions.”

ESET wrote: “MirrorFace operations against its usual targets didn’t stop. We continued to see the threat actor targeting various Japanese organizations, such as a research institute and a political party.”

Alleged targeting of Japanese institutions by China-linked threat groups has increased in recent years. Last August, Japan’s own cybersecurity agency announced that it itself had been hacked, with the attackers potentially accessing sensitive data for nine months before being discovered.

Japan did not publicly attribute the incident to a specific threat actor. However, a report by the Financial Times, citing three government and private sector sources familiar with the situation, said that state-backed Chinese hackers were suspected of being behind the attack.

That followed a report by the Washington Post that the U.S. National Security Agency discovered Chinese military hackers had compromised Japan’s defense networks back in 2020, described as “one of the most damaging hacks” in Japan’s history.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.