MirrorFace Group Uses ROAMINGMOUSE Malware in Cyberespionage Campaign Against Japan and Taiwan

The MirrorFace cyber threat group has been observed using the ROAMINGMOUSE malware in a cyberespionage campaign targeting government agencies and public institutions in Japan and Taiwan. This activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of the ANEL backdoor. Specific technical details regarding the delivery mechanisms and capabilities of the new version of ANEL were not provided in the article.