MirrorFace Attack against Japanese Organisations
ID: 05d2e7f1-23aa-51b5-badb-07288ed42341
STIX ID: report--05d2e7f1-23aa-51b5-badb-07288ed42341
Feed Name: JPCERT Blog
**MirrorFace / NOOPDOOR:** JPCERT/CC documents ongoing attacks by the MirrorFace actor targeting Japanese organisations using spearphishing and exploitation of external vulnerabilities (notably Array AG and FortiGate). The report analyzes NOOPDOOR (a shellcode backdoor with XML- and DLL-based loaders called NOOPLDR), its persistence and injection techniques, credential theft methods (LSASS, NTDS.dit, registry hives), lateral movement via SMB/scheduled tasks, data collection/exfiltration, and extensive defense evasion (MSBuild misuse, timestomping, log deletion, disabling Defender). It also provides IoCs (IPs, IPv6, hashes) and maps observed behavior to MITRE ATT&CK techniques.
