#windowssandbox

ESET Research<p><a href="https://infosec.exchange/tags/ESETresearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ESETresearch</span></a> has uncovered the <a href="https://infosec.exchange/tags/MirrorFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MirrorFace</span></a> Operation AkaiRyū, which extends the group’s usual focus beyond Japan into Europe. The initial lure centered around Expo 2025 in Japan, compromising a Central European diplomatic institute. <br><a href="https://www.welivesecurity.com/en/eset-research/operation-akairyu-mirrorface-invites-europe-expo-2025-revives-anel-backdoor/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">welivesecurity.com/en/eset-res</span><span class="invisible">earch/operation-akairyu-mirrorface-invites-europe-expo-2025-revives-anel-backdoor/</span></a></p><p>Surprisingly, <a href="https://infosec.exchange/tags/MirrorFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MirrorFace</span></a> used <a href="https://infosec.exchange/tags/ANEL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANEL</span></a> – a backdoor historically linked only to <a href="https://infosec.exchange/tags/APT10" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APT10</span></a> – highlighting a shift in the group’s tactics and reinforcing suspicions that MirrorFace could be part of the APT10 umbrella.<br>Operation AkaiRyū began with targeted spearphishing emails referencing the victim’s past correspondence and Expo 2025, persuading recipients to download malicious attachments. <br>Once the files were opened, a layered compromise chain ensued. 
Collaborating with the victim allowed us to perform in-depth analysis, shedding light on MirrorFace’s post-compromise behavior – from credential harvesting to dropping additional tools for lateral movement. </p><p><a href="https://infosec.exchange/tags/MirrorFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MirrorFace</span></a> used an intricate execution chain to stealthily run a highly tweaked <a href="https://infosec.exchange/tags/AsyncRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AsyncRAT</span></a> within <a href="https://infosec.exchange/tags/WindowsSandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsSandbox</span></a>, hampering detection efforts. This is the first time we’ve seen MirrorFace employ AsyncRAT.<br>In another twist, <a href="https://infosec.exchange/tags/MirrorFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MirrorFace</span></a> utilized <a href="https://infosec.exchange/tags/VSCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VSCode</span></a> remote tunnels, a tactic enabling covert access and command execution on compromised machines. This approach has also been seen with other China-aligned cyberespionage groups.<br>The group primarily leveraged <a href="https://infosec.exchange/tags/ANEL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANEL</span></a> as a first-stage backdoor; <a href="https://infosec.exchange/tags/HiddenFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HiddenFace</span></a> – MirrorFace’s flagship backdoor – was dropped later in the attack to bolster persistence. 
Notably absent this time was <a href="https://infosec.exchange/tags/LODEINFO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LODEINFO</span></a>, which <a href="https://infosec.exchange/tags/MirrorFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MirrorFace</span></a> typically employs.</p><p>We presented our findings about Operation AkaiRyū conducted by <a href="https://infosec.exchange/tags/MirrorFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MirrorFace</span></a> at @jpcert_ac on January 22, 2025: <a href="https://jsac.jpcert.or.jp" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">jsac.jpcert.or.jp</span><span class="invisible"></span></a>.<br>IoCs available in our GitHub repo: <a href="https://github.com/eset/malware-ioc/tree/master/mirrorface" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/eset/malware-ioc/tr</span><span class="invisible">ee/master/mirrorface</span></a></p>
Adam ♿<p>look-of-disapproval.png.webm.gif</p><p><a href="https://developercommunity.visualstudio.com/t/exe-built-in-a-Windows-Sandbox-shared-pa/10340169" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">developercommunity.visualstudi</span><span class="invisible">o.com/t/exe-built-in-a-Windows-Sandbox-shared-pa/10340169</span></a></p><p><a href="https://aus.social/tags/VisualStudio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VisualStudio</span></a> <a href="https://aus.social/tags/WindowsSandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsSandbox</span></a></p>
Adam ♿<p>I shouldn't have to throw your <a href="https://aus.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> software into <a href="https://aus.social/tags/WindowsSandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsSandbox</span></a> and disable networking to get it to behave.</p>
annajayne 🏳️‍⚧️🙏🏳️‍🌈<p>I was experimenting with Windows Sandbox over the weekend, and as a result I now have a sandbox config which launches it with drives mapped and both Winget and Chocolatey installed. 😁</p><p>The only hiccup I've run into is that Winget is being stubborn (there are some dependency issues) on Windows 10. 🤔</p><p>On Windows 11 however it's absolutely fine. 👍😎👍</p><p><a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://mastodon.social/tags/Windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows11</span></a> <a href="https://mastodon.social/tags/WindowsSandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsSandbox</span></a> <a href="https://mastodon.social/tags/VirtualMachine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirtualMachine</span></a> <a href="https://mastodon.social/tags/VM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VM</span></a> <a href="https://mastodon.social/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tech</span></a> <a href="https://mastodon.social/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://mastodon.social/tags/Scripting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scripting</span></a></p>
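Two posts above touch the same boundary from opposite sides: ESET describes MirrorFace running a modified AsyncRAT inside Windows Sandbox to hamper detection, and annajayne describes a sandbox config that maps host drives and runs package-manager installs at logon. What decides how much a sandbox session can see and touch on the host is the .wsb configuration file: networking, mapped folders and their read-only flag, clipboard redirection, and any LogonCommand. The script below is an added example written for this page, not code from ESET, from any poster here, or from Microsoft; it parses two constructed .wsb documents (a developer-style one with a writable mapped share and a hypothetical bootstrap.ps1 logon command, and a locked-down one for detonating an untrusted file) and reports the settings that weaken the host/sandbox boundary. Defaults follow the documented Windows Sandbox schema: networking and clipboard redirection are on unless set to Disable, ProtectedClient is off unless set to Enable, and a MappedFolder is writable unless ReadOnly is true.

```python
"""Audit Windows Sandbox (.wsb) configurations for host-exposure settings.

Added example for this page; not code from ESET, from the posters above, or
from Microsoft.  Both configurations below are constructed for illustration.
"""

import xml.etree.ElementTree as ET

# Constructed: a developer-style config (host folders mapped, a bootstrap
# script run at logon).  Paths and bootstrap.ps1 are hypothetical.
DEV_CONFIG = """<Configuration>
  <Networking>Enable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\\Users\\dev\\src</HostFolder>
      <SandboxFolder>C:\\src</SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
    <MappedFolder>
      <HostFolder>C:\\tools</HostFolder>
      <SandboxFolder>C:\\tools</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>powershell -ExecutionPolicy Bypass -File C:\\tools\\bootstrap.ps1</Command>
  </LogonCommand>
</Configuration>"""

# Constructed: a locked-down config for opening an untrusted file offline.
HARDENED_CONFIG = """<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <ProtectedClient>Enable</ProtectedClient>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\\Users\\dev\\samples</HostFolder>
      <SandboxFolder>C:\\samples</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>"""


def _setting(root, name, default):
    """Text of <name> lower-cased, or the schema default when absent or 'Default'."""
    node = root.find(name)
    if node is None or node.text is None or node.text.strip().lower() == "default":
        return default
    return node.text.strip().lower()


def audit_wsb(xml_text):
    """Return a list of finding strings for one .wsb document (empty = nothing flagged)."""
    root = ET.fromstring(xml_text)
    findings = []

    # Networking is on by default; an enabled sandbox can reach C2 like any host.
    if _setting(root, "Networking", "enable") != "disable":
        findings.append("networking: sandbox has network access")
    # ProtectedClient is off by default; it hardens the sandbox's RDP client.
    if _setting(root, "ProtectedClient", "disable") != "enable":
        findings.append("protectedclient: not enabled")
    # Clipboard is shared with the host by default.
    if _setting(root, "ClipboardRedirection", "enable") != "disable":
        findings.append("clipboard: shared with host")

    # A mapped folder without <ReadOnly>true</ReadOnly> is writable from inside.
    for mf in root.iterfind("MappedFolders/MappedFolder"):
        host = (mf.findtext("HostFolder") or "").strip()
        read_only = (mf.findtext("ReadOnly") or "false").strip().lower()
        if read_only != "true":
            findings.append(f"mappedfolder: {host} is writable from inside the sandbox")

    # A LogonCommand runs automatically every time the sandbox starts.
    cmd = root.findtext("LogonCommand/Command")
    if cmd and cmd.strip():
        findings.append(f"logoncommand: runs at sandbox start: {cmd.strip()}")
    return findings


def command_touches_mapped_folder(xml_text):
    """Host folders whose sandbox mount point is referenced by the LogonCommand.

    The interesting case: the sandbox auto-runs something the host placed in a
    shared folder, which is exactly the shape a staged payload would take.
    """
    root = ET.fromstring(xml_text)
    cmd = (root.findtext("LogonCommand/Command") or "").lower()
    hits = []
    for mf in root.iterfind("MappedFolders/MappedFolder"):
        mount = (mf.findtext("SandboxFolder") or "").strip().lower()
        if mount and mount in cmd:
            hits.append((mf.findtext("HostFolder") or "").strip())
    return hits


if __name__ == "__main__":
    for label, cfg in (("dev", DEV_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for f in audit_wsb(cfg) or ["no findings"]:
            print("  -", f)
        print("  logon command uses mapped folders:", command_touches_mapped_folder(cfg))
```

Run against real files from a host under investigation by replacing the constructed strings with the contents of any .wsb found in user-writable locations; the same parser can be pointed at the command line recorded for WindowsSandbox.exe launches, since the .wsb path is passed as its argument. A config that flags nothing here is the shape you want for detonating attachments like the ones ESET describes; a config with networking on and a writable mapped folder is the shape that lets a sandboxed implant talk out and write back to the host.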