MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan


Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) have attributed a persistent cyberattack campaign to the China-linked threat actor MirrorFace, also known as Earth Kasha, a subgroup of APT10. The attacks have targeted Japanese organizations, businesses, and individuals since 2019 and aim to steal national security and advanced technology information. The campaigns involve spear-phishing emails, exploitation of device vulnerabilities, and tools such as ANEL, NOOPDOOR, and LODEINFO. Advanced techniques include the use of Visual Studio Code remote tunnels and Windows Sandbox to evade detection and maintain covert control.
