Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024
Essential information
- Published: 27/11/2024 18:31
- Modified: 27/11/2024 19:02
- Tags: 2024-11-27 anel anelldr apt10 backdoor japan noopdoor roamingmouse spear-phishing uac bypass uppercut
- Related entities: 6 observables, 1 intrusion sets (apt), 13 techniques (mitre), 5 malware, 3 others
Description
A spear-phishing campaign targeting Japan since June 2024 has been identified, featuring the reemergence of the ANEL backdoor, previously used by APT10 until 2018. The campaign, attributed to Earth Kasha, targets individuals in political organizations, research institutions, and international relations-related entities. The attack utilizes various infection methods, including macro-enabled documents and shortcut files. The malware suite includes ROAMINGMOUSE, ANELLDR, and updated versions of ANEL. Post-exploitation activities involve information gathering and, in some cases, deployment of the more advanced NOOPDOOR backdoor. This campaign marks a shift in Earth Kasha's tactics, moving from exploiting vulnerabilities in edge devices to targeting individuals through spear-phishing.