APT10 Strikes! MirrorFace’s Sinister Cyber Invasion Targets European Diplomats

A Chinese hacking group called MirrorFace has been caught targeting a diplomatic institute in Central Europe. This is the first known attack by MirrorFace in Europe, according to cybersecurity experts from ESET. Until now, the group has mainly focused on Japan, but this latest incident shows they are expanding their reach.

A Rising Cyber Threat in Europe

APT10, a well-known state-sponsored hacking group believed to be backed by the Chinese government, is linked to MirrorFace. The group has a long history of targeting important organizations in Japan, including government ministries, space agencies, and private companies. However, their recent activity in Europe shows they are widening their scope.

The hackers carried out a highly sophisticated attack by using spear-phishing emails. These are fake but convincing emails designed to trick people into opening malicious files. Once the target opened the infected attachment, the hackers installed dangerous programs like Anel and AsyncRAT to steal data and gain access to the system.


How the Attack Unfolded

The attack on the Central European diplomatic institute occurred between June and September 2024. The attackers opened the campaign with spear-phishing emails whose carefully crafted messages referred to the upcoming World Expo 2025 in Osaka, Japan. The hackers used this event as bait, hoping that the recipients would be curious enough to open the attachments.

Once the malicious files were opened, the hackers deployed Anel, a type of backdoor malware. A backdoor is a sneaky program that allows attackers to secretly access and control a system without the user’s knowledge. Anel is used specifically by APT10, which strongly suggests that MirrorFace is a subgroup of this larger hacking organization.


The group also used AsyncRAT, a remote access tool that lets them control the infected computers from afar. This tool was cleverly run inside Windows Sandbox, a virtual environment meant to isolate potentially unsafe programs. Running it this way helped the hackers avoid detection by antivirus software.

Later in the attack, the hackers deployed HiddenFace, their main backdoor tool. This helped them stay on the infected systems for longer periods, making it easier to steal more data and continue their operations.

The Tools and Techniques Used

During the attack, MirrorFace used a variety of advanced tools and techniques to avoid detection and increase their control over the targeted systems.

  • Anel – This is a backdoor program used by APT10. It allows the attackers to remotely access and control infected systems.
  • AsyncRAT – A remote access tool that provides hackers with the ability to execute commands, steal information, and manipulate the system.
  • Anelldr – This is a program used to load Anel onto the infected system.
  • HiddenFace – A more advanced backdoor used in later stages of the attack to strengthen their hold on the compromised system.
  • FaceXInjector – A tool used to load the HiddenFace backdoor.
  • Hidden Start – A tool that bypasses User Account Control (UAC), making it easier for the malware to run without triggering security warnings.

In some cases, the group used legitimate software like VS Code (a popular programming tool) to create hidden tunnels. These tunnels allowed the attackers to sneak in and out of the system without being noticed.
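The two evasion tricks described above, AsyncRAT launched through Windows Sandbox and VS Code used as a tunnel, both leave a trace in ordinary process-creation telemetry. The detector below is an added example written for this article, not ESET's or the article's own code; it assumes Sysmon-style field names (Image, CommandLine, ParentImage), a VS Code binary named code.exe or code-tunnel.exe, and runs over constructed sample events.

```python
"""Constructed detector for the Windows Sandbox and VS Code tunnel tradecraft."""
import re
from typing import Iterable

# Constructed sample telemetry (assumed Sysmon-style field names). The first
# two records imitate the article's tradecraft; the rest is benign noise.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsSandbox.exe",
     "CommandLine": r'WindowsSandbox.exe "C:\Users\u\AppData\Local\Temp\cfg.wsb"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\u\AppData\Local\Programs\Microsoft VS Code\code.exe",
     "CommandLine": "code.exe tunnel --accept-server-license-terms",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Users\u\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": r"Code.exe C:\proj",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Each rule: (name, regex on Image, regex on CommandLine); both must match.
RULES = [
    # Windows Sandbox started from a .wsb config. A .wsb file can map host
    # folders into the sandbox and run a logon command, so a payload such as
    # AsyncRAT can execute where host-side antivirus has no visibility.
    ("windows_sandbox_wsb_launch",
     re.compile(r"WindowsSandbox\.exe$", re.I),
     re.compile(r"\.wsb\b", re.I)),
    # VS Code started in tunnel mode: `code tunnel` gives remote access to the
    # host through Microsoft's tunnel service, a legitimate channel abused here.
    ("vscode_tunnel_start",
     re.compile(r"\\code(-tunnel)?\.exe$", re.I),
     re.compile(r"(^|\s)tunnel(\s|$)", re.I)),
]

def match_rules(event: dict) -> list[str]:
    """Return the names of every rule matched by one process-creation event."""
    image, cmd = event.get("Image", ""), event.get("CommandLine", "")
    return [name for name, img_re, cmd_re in RULES
            if img_re.search(image) and cmd_re.search(cmd)]

def scan(events: Iterable[dict]) -> list[tuple[str, str]]:
    """Return (rule name, command line) for every event that trips a rule."""
    return [(r, e["CommandLine"]) for e in events for r in match_rules(e)]

if __name__ == "__main__":
    for rule, cmdline in scan(SAMPLE_EVENTS):
        print(f"[{rule}] {cmdline}")
```

On a fleet where Windows Sandbox and VS Code tunnels are never used legitimately, either rule firing is worth an immediate look; elsewhere, pair them with the parent process and the user account to cut the noise.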

The hackers also stole sensitive data, including contact lists, stored passwords, autofill information, and even saved credit card details from Google Chrome. To gain deeper access, they installed additional tools on another system within the diplomatic institute’s network. This allowed them to move through the network more easily and potentially access more critical information.


Expanding Beyond Japan

Although MirrorFace has been mainly active in Japan, their latest attack in Europe indicates a broader, more ambitious operation. The group continues to focus on Japan-related events, such as the World Expo 2025, even when targeting other countries.

This incident highlights how hacking groups linked to powerful nations are growing bolder and using more sophisticated techniques. By employing backdoors, remote access tools, and stealthy execution methods, MirrorFace is becoming increasingly dangerous and difficult to detect.

Cybersecurity experts warn that these types of attacks could become more frequent and widespread, making it essential for organizations worldwide to remain vigilant against evolving cyber threats.

Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.
