Japan Attributes More Than 200 Cyberattacks to China Threat Actor "MirrorFace"

Stu Sjouwerman | Jan 15, 2025

Financial Services Cyber Attacks Start with Costly PhishJapan’s National Police Agency (NPA) has attributed more than 200 cyber incidents over the past five years to the China-aligned threat actor “MirrorFace,” Infosecurity Magazine reports.

The attacks, which began with spear phishing emails, targeted “Japanese think tanks, government (including retired employees), politicians, and individuals and organizations related to the media.”

Later campaigns also focused on organizations in the semiconductor, aerospace and academia sectors.

The NPA describes malware attacks that occurred from December 2019 through 2024. The spear phishing emails contained either a malicious attachment or a link to download the malware. Many of the phishing emails used geopolitical themes that would be of interest to the targeted individuals, such as “Japan-US alliance” or “Taiwan Strait.”

Once the malware was installed, it used advanced techniques to remain hidden for long periods of time.

The NPA reminds users to be wary of documents that ask you to enable macros, since this is a popular method for malware installation.

“When you open an attachment or downloaded file, you may be prompted to click the ‘Enable Content’ macro button in the Microsoft Office file, but do not do so carelessly,” the NPA says.

“Macros are convenient functions that can perform various processes automatically, but you should consider whether advanced functions such as macros are truly necessary to display and view the contents of the received file (papers, application forms, guides, etc.), and if you suspect something suspicious, check with the provider of the file.”

Phishing is used as an initial access vector by threat actors of all levels of sophistication because it’s so effective. New-school security awareness training can give your organization an essential layer of defense against targeted social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Infosecurity Magazine has the story.

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.