Operation LiberalFace
0 incidentes
0 paises
0 sectores
apt CN Ultimo: -
Aliases: lodeinfo, mirrorstealer
Operation LiberalFace is a cyberespionage campaign launched in late June 2022 by the Chinese-speaking APT group MirrorFace, also known as Earth Kasha. This campaign specifically targeted Japanese political entities, focusing on members of a particular political party in the weeks leading up to the July 2022 House of Councillors election. MirrorFace is primarily motivated by espionage and the exfiltration of sensitive information, a consistent objective for the group, which has been active since at least 2019. A key distinguishing feature of this operation was the use of a previously undocumented credential stealer named MirrorStealer, deployed alongside their flagship LODEINFO backdoor. While some speculate about MirrorFace's ties to APT10, ESET researchers track it as a distinct entity.