MirrorFace Hits Japan, Taiwan With Spy Malware Duo

The cyber-espionage group known as MirrorFace has launched a targeted campaign against government agencies and public institutions in Japan and Taiwan, deploying advanced malware tools to infiltrate sensitive systems. According to findings from Trend Micro in March 2025, the group utilized spear-phishing tactics to deliver malicious payloads, including a custom malware strain dubbed ROAMINGMOUSE and an upgraded version of the ANEL backdoor.

The campaign highlights a continued focus by nation-state actors on strategic targets in East Asia, leveraging social engineering techniques to gain access to high-value networks. The ANEL malware, previously attributed to MirrorFace operations, has been enhanced to improve its evasion and persistence capabilities. ROAMINGMOUSE, identified as part of this latest wave, plays a critical role in establishing unauthorized access and enabling long-term surveillance.

The attack underscores growing cybersecurity risks facing regional governments, as sophisticated adversaries refine tools to bypass conventional defenses and extract sensitive intelligence.