A European Union diplomatic organization has been the target of a threat actor with ties to China, MirrorFace. The hacking team has never before targeted an organization in the area. It is determined that MirrorFace, also known as Earth Kasha, is a member of the APT10 umbrella group.

Since at least 2019, it has been known to target Japanese organizations; however, in early 2023, a new campaign was observed that extended its operations to Taiwan and India. Additionally, it comes after a Bloomberg report claimed that Singapore Telecommunications (Singtel) was breached by the China-affiliated Volt Typhoon as a "test run" of a larger campaign aimed at telecom firms and other vital infrastructure. The development coincides with the discovery that threat actors connected to China, such as Webworm, Granite Typhoon, and Flax Typhoon, are depending more and more on the open-source, multi-platform SoftEther VPN.

The report was produced using Trend Micro's analysis of LODEINFO campaigns. The Trend Micro analysis will be added to the report after it is published on November 19,

2024.

Visit Trend Micro at www.trendmicro.com/LODEINFO and LodeINFO.org for additional details. Visit a local Samaritans branch or give them a call at 08457 90 90 90 for private assistance; for more information, visit www.samaritans.org. Dial 1-800-273-8255 to reach the National Suicide Prevention Lifeline in the United States.

For assistance in the UK, go to http://www.samarsitans.com/ or call 08457

909090.

Visit www.TrendMicro.com or www.lodeinfo.org for more detailed information about LODE INFO.