China-Linked MirrorFace Cyber Espionage: Deploying ANEL and AsyncRAT in European Union Attack
Discover the latest cyber espionage operation by China-linked MirrorFace, targeting a diplomatic organization in the EU with ANEL and AsyncRAT malware.
TL;DR
The China-linked cyber espionage group MirrorFace has been found deploying ANEL and AsyncRAT malware in a targeted attack against a European Union diplomatic organization. This operation, detected by ESET in late August 2024, used World Expo-related lures to compromise the institute’s systems. The attack highlights the evolving tactics of state-sponsored threat actors in cyber espionage campaigns.
China-Linked MirrorFace Targets EU Diplomatic Organization
Cybersecurity researchers have uncovered new details about a sophisticated malware campaign orchestrated by the China-aligned MirrorFace threat actor. This operation targeted a diplomatic organization within the European Union, employing a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute using lures related to the upcoming World Expo [1].
Key Aspects of the Attack
- Target: A Central European diplomatic institute within the EU.
- Malware Used: ANEL and AsyncRAT.
- Detection: Identified by ESET in late August 2024.
- Lures: Themes related to the World Expo.
Implications and Future Concerns
This incident underscores the ongoing threat posed by state-sponsored cyber espionage groups. The use of sophisticated malware like ANEL and AsyncRAT demonstrates the advanced capabilities of these actors. Organizations, particularly those in diplomatic and governmental sectors, must remain vigilant and implement robust cybersecurity measures to safeguard against such threats.
References
[1] The Hacker News (2025). “China-Linked MirrorFace Deploys ANEL”. The Hacker News. Retrieved 2025-03-18.