
Chinese Advanced Persistent Threat Group Found Stealing Japan’s Confidential Information

Japanese authorities have issued a warning to organizations in the country about a sophisticated Chinese state-backed cyber-espionage operation known as “MirrorFace” that targets technology and national security secrets. The National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity revealed that the advanced persistent threat (APT) group has been active since 2019.

The purpose of the alert is to inform targeted organizations, businesses, and individuals about the cyber threats they face and to urge them to implement security measures to prevent damage from cyberattacks. MirrorFace has been utilizing various tactics to infiltrate Japanese networks and steal sensitive information.

One of the earliest tactics employed by MirrorFace was an elaborate phishing campaign that spanned from 2019 to 2023, targeting think tanks, governments, and politicians in Japan. The group used this campaign to deliver malware and gain access to confidential data. In 2023, the operation shifted focus towards exploiting vulnerabilities in network devices across different sectors including healthcare, manufacturing, information and communications, education, and aerospace. Vulnerabilities in devices such as Fortinet FortiOS and Citrix ADC were leveraged by MirrorFace to gain unauthorized access.

Another phishing campaign by MirrorFace was initiated in June 2024, this time targeting the media, think tanks, and politicians in Japan. Additionally, between February and October 2023, the group exploited an SQL injection vulnerability in an external public server to breach Japanese organizations. These revelations shed light on the persistent and diverse cyber threats posed by MirrorFace to Japanese entities.

The activities of MirrorFace are part of a broader trend of Chinese-sponsored cyberattacks targeting various countries, including recent attacks on US and global telecom companies, as well as the US Department of the Treasury by a different APT group named “Salt Typhoon.” Experts believe that MirrorFace is operating as a cyber-warfare unit of the People’s Liberation Army (PLA), utilizing tactics such as spear-phishing campaigns and weaponized code to steal credentials and data.

Mark Bowling, a former FBI special agent and chief information security and risk officer at ExtraHop, pointed out that geopolitical tensions worldwide could lead to an increase in APT activity by nation-state actors targeting critical infrastructure. As conflicts in regions like Ukraine, Taiwan, and the Middle East escalate, the digital realm is increasingly becoming a battleground for cyber warfare. Bowling warned that nation-state groups are likely to step up their efforts in targeting essential services like utilities, telecommunications, and healthcare.

In conclusion, the MirrorFace cyber-espionage operation highlights the evolving nature of cyber threats from state-sponsored entities and the importance of robust cybersecurity measures to safeguard sensitive information and infrastructure. Organizations must remain vigilant and proactive in defending against sophisticated cyberattacks to protect their data and national security interests.
