Threat actor · all actors
MirrorFaceG1054 unknown
aka MirrorFace, Earth Kasha
Last updated: 2026-07-03
About this actor
[MirrorFace](https://attack.mitre.org/groups/G1054) is a People's Republic of China (PRC)-aligned cyberespionage actor believed to be a subgroup under the [menuPass](https://attack.mitre.org/groups/G0045) umbrella based on targeting, tools, and infrastructure overlaps. [MirrorFace](https://attack.mitre.org/groups/G1054) has been active since at least 2019, at first exclusively targeting Japanese organizations across the media, defense, diplomatic, financial, manufacturing, and academic sectors. Subsequent [MirrorFace](https://attack.mitre.org/groups/G1054) operations included targets in Central Europe and featured use of [LODEINFO](https://attack.mitre.org/software/S9020), [HiddenFace](https://attack.mitre.org/software/S9023), and [UPPERCUT](https://attack.mitre.org/software/S0275) malware.(Citation: Kaspersky LODEINFO OCT 2022)(Citation: Kaspersky LODEINFO Part II OCT 2022)(Citation: ESET MirrorFace DEC 2022)(Citation: JPCERT MirrorFace JUL 2024)(Citation: Trend Micro Earth Kasha NOV 2024)(Citation: Trend Micro Earth Kasha Updates APR 2025)
Source: MITRE ATT&CK
Activity timeline
- 2023 — 2 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2023-3466 | 5.5 | 8.3 | 0.0304 | 2023-07-19 | see CVE |
CVE-2023-3467 | 5.5 | 8.0 | 0.0210 | 2023-07-19 | see CVE |
T1003T1003.001T1003.002T1003.003T1005T1007T1016T1018T1021T1021.001T1021.002T1027T1027.013T1033T1036T1036.008T1047T1048T1048.002T1057T1059T1059.003T1059.005T1070T1070.004T1071T1071.002T1074T1074.002T1082T1083T1087T1087.002T1090T1114T1114.001T1190T1204T1204.002T1221T1482T1553T1553.002T1556T1556.002T1560T1560.001T1566T1566.001T1566.002T1574T1574.001T1587T1587.001T1588T1588.002T1591T1614T1614.001T1684T1684.001T1685T1685.005T1686T1686.003
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 42 / 65 | 65% |
CM-6 | 38 / 65 | 58% |
CM-2 | 36 / 65 | 55% |
SI-3 | 33 / 65 | 51% |
CM-7 | 31 / 65 | 48% |
AC-3 | 26 / 65 | 40% |
CA-7 | 26 / 65 | 40% |
AC-2 | 24 / 65 | 37% |
AC-6 | 23 / 65 | 35% |
SI-7 | 22 / 65 | 34% |
AC-4 | 19 / 65 | 29% |
SC-7 | 19 / 65 | 29% |
AC-5 | 16 / 65 | 25% |
SI-10 | 16 / 65 | 25% |
CM-5 | 15 / 65 | 23% |
Co-occurring actors
- Clop 2 shared CVEs
Similar actors
Overlapping CVEs
- Clop 0.67
Active in same years
- Cinnamon Tempest 1.00
- Akira 1.00
- Clop 1.00