China-linked hackers tasked with Japanese targets pursue them through Europe

MirrorFace, a hacking group that researchers believe is aligned with China, has been spotted targeting a diplomatic organization in the European Union for the first time.

The Slovak cybersecurity company ESET described the incident on Thursday in its latest quarterly report, noting that the move marks an expansion in the threat group’s range of targets, which have historically been restricted to entities in Japan.

Although the identity of the target diplomatic organization wasn’t disclosed, the lure document in the spearphishing email maintained a Japanese theme, encouraging the target to download a document titled “The EXPO Exhibition in Japan in 2025.”

“Even considering this new geographic targeting, MirrorFace remains focused on Japan and events related to it,” reported ESET.

It follows Japanese authorities warning in July of an expansion in activities linked to MirrorFace. While the hackers focused initially on gaining access to “media, political organizations, think-tanks and universities” in the country, they were increasingly also including “manufacturers and research institutions.”

ESET wrote: “MirrorFace operations against its usual targets didn’t stop. We continued to see the threat actor targeting various Japanese organizations, such as a research institute and a political party.”

Alleged targeting of Japanese institutions by China-linked threat groups has increased in recent years. Last August, Japan’s own cybersecurity agency announced that it itself had been hacked, with the attackers potentially accessing sensitive data for nine months before being discovered.

Japan did not publicly attribute the incident to a specific threat actor. However, a report by the Financial Times, citing three government and private sector sources familiar with the situation, said that state-backed Chinese hackers were suspected of being behind the attack.

That followed a report by the Washington Post that the U.S. National Security Agency discovered Chinese military hackers had compromised Japan’s defense networks back in 2020, described as “one of the most damaging hacks” in Japan’s history.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
