In August 2024, a cyberespionage campaign by the China-aligned MirrorFace APT group was uncovered, marking its first known attempt to breach a European entity. Traditionally focused on Japan-linked targets, MirrorFace launched Operation AkaiRyū (Red Dragon in Japanese), unveiling a refreshed arsenal of tactics and tools. This campaign introduced a customized AsyncRAT, resurrected the ANEL backdoor, and leveraged a sophisticated execution chain to evade detection, deploying AsyncRAT inside Windows Sandbox for stealthy operations.