9 matches found
Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals...
Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware
Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three year...
LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks
Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the...
China-based MirrorFace APT group targeting Japanese Political Entities
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary A Chinese-speaking APT group named MirrorFace has started its attacks by spearphishing campaign with LODEINFO backdoor, targeting Japanese political entities since June 29, 2022 and this campaign operatio...
Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities
A Chinese-speaking advanced persistent threat APT actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the natio...
APT10 distributes LODEINFO malware to deploy infection chains
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The APT 10 cyber espionage gang has been spotted adopting a new stealthy infection chain to deploy the LODEINFO backdoor shellcode to exfiltrate sensitive information to Command and Control C2...
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware
The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations, and think-tanks in Japan, according to twin reports...
APT10: Tracking down LODEINFO 2022, part II
In the previous publication Tracking down LODEINFO 2022, part I, we mentioned that the initial infection methods vary in different attack scenarios and that the LODEINFO shellcode was regularly updated for use with each infection vector. In this article, we discuss improvements made to the LODEIN...
APT10: Tracking down LODEINFO 2022, part I
Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The...