APT10 Strikes! MirrorFace’s Sinister Cyber Invasion Targets European Diplomats

A Chinese hacking group called MirrorFace has been caught targeting a diplomatic institute in Central Europe. This is the first known attack by MirrorFace in Europe, according to cybersecurity experts from ESET. Until now, the group has mainly focused on Japan, but this latest incident shows they are expanding their reach.

A Rising Cyber Threat in Europe

APT10, a well-known state-sponsored hacking group believed to be backed by the Chinese government, is linked to MirrorFace. The group has a long history of targeting important organizations in Japan, including government ministries, space agencies, and private companies. However, their recent activity in Europe shows they are widening their scope.

The hackers carried out a highly sophisticated attack by using spear-phishing emails. These are fake but convincing emails designed to trick people into opening malicious files. Once the target opened the infected attachment, the hackers installed dangerous programs like Anel and AsyncRAT to steal data and gain access to the system.


How the Attack Unfolded

The attack on the Central European diplomatic institute occurred between June and September 2024. The attackers started the attack with spear-phishing emails carrying carefully crafted messages about the upcoming World Expo 2025 in Osaka, Japan. The hackers used this event as bait, hoping that the recipients would be curious enough to open the attachments.

Once the malicious files were opened, the hackers deployed Anel, a type of backdoor malware. A backdoor is a sneaky program that allows attackers to secretly access and control a system without the user’s knowledge. APT10 specifically uses Anel, strongly suggesting that MirrorFace is a subgroup of this larger hacking organization.


The group also used AsyncRAT, a remote access tool that lets them control the infected computers from afar. This tool was cleverly run inside Windows Sandbox, a virtual environment meant to isolate potentially unsafe programs. Running it this way helped the hackers avoid detection by antivirus software.

Later in the attack, the hackers deployed HiddenFace, their main backdoor tool. This helped them stay on the infected systems for longer periods, making it easier to steal more data and continue their operations.

The Tools and Techniques Used

During the attack, MirrorFace used a variety of advanced tools and techniques to avoid detection and increase their control over the targeted systems.

  • Anel – This is a backdoor program used by APT10. It allows the attackers to remotely access and control infected systems.
  • AsyncRAT – A remote access tool that provides hackers with the ability to execute commands, steal information, and manipulate the system.
  • Anelldr – This is a program used to load Anel onto the infected system.
  • HiddenFace – A more advanced backdoor used in later stages of the attack to strengthen their hold on the compromised system.
  • FaceXInjector – A tool used to load the HiddenFace backdoor.
  • Hidden Start – A tool that bypasses User Account Control (UAC), making it easier for the malware to run without triggering security warnings.

In some cases, the group used legitimate software like VS Code (a popular programming tool) to create hidden tunnels. These tunnels allowed the attackers to sneak in and out of the system without being noticed.
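Two of the evasion patterns described above, a remote access tool run inside Windows Sandbox and VS Code used to open a tunnel, both leave ordinary process-creation telemetry that a defender can alert on. The script below is an added illustration written for this page; it is not code from ESET's report or from the article, and the log lines, host names, user names and file paths in it are constructed. What it relies on from the real world is only that the Windows Sandbox binary is `WindowsSandbox.exe` and that its configuration files carry the `.wsb` extension, and that the VS Code command-line tool opens a tunnel with the `tunnel` subcommand; the field layout of the log lines and the `code.exe` / `code-tunnel.exe` binary names are assumptions for the example.

```python
"""
Constructed detection example: two heuristics over simplified process-creation
log lines (Sysmon-style fields). Every sample line, host, user and path below
is invented for this example.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Event:
    ts: str
    host: str
    user: str
    parent: str   # full path of the parent process image
    image: str    # full path of the created process image
    cmdline: str


@dataclass
class Finding:
    rule: str
    ts: str
    host: str
    detail: str


# Constructed sample lines. Field layout (an assumption for this example):
#   timestamp | host | user | parent image | image | command line
SAMPLE_LOGS = [
    r"2024-07-02T09:14:05Z | WS-DIPLO-07 | jdoe | C:\Windows\explorer.exe | C:\Windows\System32\WindowsSandbox.exe | WindowsSandbox.exe C:\Users\jdoe\Downloads\expo2025.wsb",
    r"2024-07-02T09:20:41Z | WS-DIPLO-07 | jdoe | C:\Windows\System32\cmd.exe | C:\Users\jdoe\AppData\Local\Programs\Microsoft VS Code\bin\code.exe | code.exe tunnel",
    r"2024-07-02T10:02:13Z | WS-DIPLO-07 | jdoe | C:\Windows\explorer.exe | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | WINWORD.EXE /n C:\Users\jdoe\Documents\agenda.docx",
    r"2024-07-02T10:05:50Z | WS-DIPLO-07 | jdoe | C:\Windows\explorer.exe | C:\Users\jdoe\AppData\Local\Programs\Microsoft VS Code\Code.exe | Code.exe C:\Users\jdoe\repo",
]

# A .wsb path anywhere on the command line (Windows Sandbox configuration file).
WSB_RE = re.compile(r"\S+\.wsb\b", re.IGNORECASE)
# The VS Code CLI "tunnel" subcommand as a whole word.
TUNNEL_RE = re.compile(r"\btunnel\b", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerating forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> Optional[Event]:
    """Split one log line into an Event; return None for malformed lines."""
    parts = [p.strip() for p in line.split(" | ")]
    if len(parts) != 6:
        return None
    return Event(*parts)


def check_sandbox_launch(ev: Event) -> Optional[Finding]:
    """Windows Sandbox started with an explicit .wsb configuration file.

    On a workstation where Sandbox is not part of daily work this is unusual
    enough to review, because the .wsb decides what the sandbox maps in and
    runs at start-up."""
    if basename(ev.image) != "windowssandbox.exe":
        return None
    m = WSB_RE.search(ev.cmdline)
    if not m:
        return None
    return Finding("windows_sandbox_config_launch", ev.ts, ev.host,
                   f"{ev.user} started Windows Sandbox with config {m.group(0)} "
                   f"(parent {basename(ev.parent)})")


def check_vscode_tunnel(ev: Event) -> Optional[Finding]:
    """VS Code CLI invoked with the 'tunnel' subcommand, which opens an
    outbound remote-access channel through a legitimate, signed binary."""
    if basename(ev.image) not in {"code.exe", "code-tunnel.exe"}:
        return None
    if not TUNNEL_RE.search(ev.cmdline):
        return None
    return Finding("vscode_tunnel", ev.ts, ev.host,
                   f"{ev.user} opened a VS Code tunnel: {ev.cmdline} "
                   f"(parent {basename(ev.parent)})")


RULES: List[Callable[[Event], Optional[Finding]]] = [
    check_sandbox_launch,
    check_vscode_tunnel,
]


def scan(lines: List[str]) -> List[Finding]:
    """Run every rule over every parseable line and collect the findings."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for rule in RULES:
            hit = rule(ev)
            if hit is not None:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"[{f.rule}] {f.ts} {f.host}: {f.detail}")
```

Against the constructed lines the script raises exactly two findings, one per pattern; the ordinary Word and VS Code editor launches produce none. In a real environment the parent-process field is the natural refinement: a sandbox or tunnel launched from an Office application or a script interpreter deserves a higher severity than one started from Explorer by a developer, and either pattern is easier to act on when the organisation has already decided which hosts are allowed to run Windows Sandbox or VS Code tunnels at all.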

The hackers also stole sensitive data, including contact lists, stored passwords, autofill information, and even saved credit card details from Google Chrome. To gain deeper access, they installed additional tools on another system within the diplomatic institute’s network. This allowed them to move through the network more easily and potentially access more critical information.


Expanding Beyond Japan

Although MirrorFace has been mainly active in Japan, their latest attack in Europe indicates a broader, more ambitious operation. The group continues to focus on Japan-related events, such as the World Expo 2025, even when targeting other countries.

This incident highlights how hacking groups linked to powerful nations are growing bolder and using more sophisticated techniques. By employing backdoors, remote access tools, and stealthy execution methods, MirrorFace is becoming increasingly dangerous and difficult to detect.

Cybersecurity experts warn that these types of attacks could become more frequent and widespread, making it essential for organizations worldwide to remain vigilant against evolving cyber threats.

Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.
