Date: 2025-05-09

Attacks with the ROAMINGHOUSE malware and an updated ANEL backdoor have been launched by Chinese hacking operation MirrorFace, also known as Earth Kasha, against Japanese and Taiwanese government agencies and public entities as part of a new cyberespionage campaign, according to The Hacker News.

MirrorFace distributes spear-phishing emails with a OneDrive URL that downloads a ZIP file containing the ROAMINGHOUSE dropper, which decodes the ZIP file to deploy the legitimate executable and sideload a malicious DLL that injects the improved ANEL backdoor, a report from Trend Micro revealed. Installation of the backdoor, which has since gained a new in-memory beacon object file execution capability, then enables MirrorFace to procure screenshots and evaluate targeted environments. "Enterprises and organizations, especially those with high-value assets like sensitive data relating to governance, as well as intellectual property, infrastructure data, and access credentials, should continue to be vigilant and implement proactive security measures to prevent falling victim to cyberattacks," said Trend Micro researcher Hara Hiroaki.