ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > IronHusky

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: IronHusky

NamesIronHusky (Kaspersky)
BBCY-TA1 (BlackBerry)
CountryChina China
MotivationInformation theft and espionage
First seen2017
Description(Kaspersky) IronHusky is a Chinese-speaking actor that we first detected in summer 2017. It is very focused on tracking the geopolitical agenda of targets in central Asia with a special focus in Mongolia, which seems to be an unusual target. This actor crafts campaigns for upcoming events of interest. In this case, they prepared and launched one right before a meeting with the International Monetary Fund and the Mongolian government at the end of January 2018. At the same time, they stopped their previous operations targeting Russian military contractors, which speaks volumes about the group’s limitations. In this new campaign, they exploited CVE-2017-11882 to spread common RATs typically used by Chinese-speaking groups, such as PlugX and PoisonIvy.
ObservedSectors: Defense, Financial, Government.
Countries: Mongolia, Russia.
Tools usedMysterySnail RAT, Poison Ivy, PlugX.
Operations performedAug 2021Operation “MysterySnail”
In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers.

Last change to this card: 03 November 2021

Download this actor card in PDF or JSON format

Previous: Iridium
Next: ITG18

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]