According to data from ESET, the hacker group MirrorFace, reportedly linked to China, has launched an attack on a diplomatic organization in the European Union. This attack marks a significant shift for Mirrorface, which had previously focused its activities solely on targets in Japan, signifying an expansion of the group’s target attacks beyond Asia.
Although the specific diplomatic organization targeted was not disclosed, the attack involved the use of Spear Phishing tactics utilizing a Japanese-themed document. Recipients were lured into downloading a file named “Expo Exhibition in Japan in 2025”. Despite branching out geographically, Mirrorface remains fixated on Japan and related events.
Earlier warnings from Japanese authorities had already flagged the increasing activity of MirrorFace. Initially targeting media outlets, political organizations, analytical centers, and universities in Japan, the group has since broadened its scope to include production and research institutes in their list of targets.
ESET has observed that attacks on the group’s traditional targets have not ceased. Ongoing attempts to infiltrate various Japanese organizations, including research institutes and political parties, continue to persist.
Reports from the Japanese Coordination Center for Computer Incident Response Team (JPCert) indicate that the MirrorFace hackers have been focusing on media outlets, political organizations, and academic institutions in Japan since 2022. In a recent development, the attackers have expanded their scope to include manufacturers and research institutes, progressing from targeted phishing emails to exploiting vulnerabilities in products from Array AG and Fortigate.