diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index c3676ff..91b2094 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -13000,6 +13000,19 @@ }, "uuid": "615311f0-58d4-4d1d-ac86-6ba86d119317", "value": "KAX17" + }, + { + "description": "MirrorFace is a Chinese-speaking advanced persistent threat group that has been targeting high-value organizations in Japan, including media, government, diplomatic, and political entities. They have been conducting spear-phishing campaigns, utilizing malware such as LODEINFO and MirrorStealer to steal credentials and exfiltrate sensitive data. While there is speculation about their connection to APT10, ESET currently track them as a separate entity.", + "meta": { + "country": "CN", + "refs": [ + "https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/", + "https://web-assets.esetstatic.com/wls/2023/01/eset_apt_activity_report_t32022.pdf", + "https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/" + ] + }, + "uuid": "e992d874-604b-4a09-9c6c-0319d5be652a", + "value": "MirrorFace" } ], "version": 294