ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR aka HiddenFace and ANEL aka UPPERCUT, Trend Micro said ...

Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals...

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. "During this attack, the threat actor used as a lure the upcoming World Expo, which will be...

Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware

Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three year...

LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the...

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U....

Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities

A Chinese-speaking advanced persistent threat APT actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the natio...

APT10 distributes LODEINFO malware to deploy infection chains

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The APT 10 cyber espionage gang has been spotted adopting a new stealthy infection chain to deploy the LODEINFO backdoor shellcode to exfiltrate sensitive information to Command and Control C2...

APT10: Tracking down LODEINFO 2022, part II

In the previous publication Tracking down LODEINFO 2022, part I, we mentioned that the initial infection methods vary in different attack scenarios and that the LODEINFO shellcode was regularly updated for use with each infection vector. In this article, we discuss improvements made to the LODEIN...

APT10: Tracking down LODEINFO 2022, part I

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The...

Cyber Attacks Against Middle East Governments Hide Malware in Windows Logo

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks...

Hikvision IP Camera RCE Vulnerability (HSRC-202109-01) - Active Check

Multiple Hikvision IP camera devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

New Qualys Research Report: Evolution of Quasar RAT

The Qualys Threat Research Team continues to inform enterprise cybersecurity teams of emerging threats that could impact their business. These threat intelligence reports summarize individual threat exploits and provide practical recommendations for protecting against them. In this free research...

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three...

Chinese APT group targets financial institutions in the campaign “Operation Cache Panda”

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Chinese threat actor APT10 conducted a series of large-scale supply chain attacks that exclusively targeted the financial software systems of Taiwanese financial institutions from the end of November 2021 until the middle of...

Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack

An advanced persistent threat APT group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a...

Hackers are implanting multiple backdoors at industrial targets in Japan

Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan. Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attac...

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

Why is the campaign called A41APT? In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. We named the campaign A41APT not APT41 which is derived from the host name...

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, including locations in the United States. Researchers observed a...

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders

The Chinese-language cyber-espionage group known as APT10 has apparently added to its malware bag of tricks, with two never-before-seen malware loader variants used in April campaigns against government and private organizations in Southeast Asia. Also, the campaigns featured modified versions of...