 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: IronHusky| Names | IronHusky (Kaspersky) BBCY-TA1 (BlackBerry) | |
| Country |  China | |
| Motivation | Information theft and espionage | |
| First seen | 2017 | |
| Description | (Kaspersky) IronHusky is a Chinese-speaking actor that we first detected in summer 2017. It is very focused on tracking the geopolitical agenda of targets in central Asia with a special focus in Mongolia, which seems to be an unusual target. This actor crafts campaigns for upcoming events of interest. In this case, they prepared and launched one right before a meeting with the International Monetary Fund and the Mongolian government at the end of January 2018. At the same time, they stopped their previous operations targeting Russian military contractors, which speaks volumes about the group’s limitations. In this new campaign, they exploited CVE-2017-11882 to spread common RATs typically used by Chinese-speaking groups, such as PlugX and PoisonIvy. | |
| Observed | Sectors: Defense, Financial, Government. Countries: Mongolia, Russia. | |
| Tools used | MysterySnail RAT, Poison Ivy, PlugX. | |
| Operations performed | Aug 2021 | Operation “MysterySnail” In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. <https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/> |
| Information | <https://securelist.com/apt-trends-report-q1-2018/85280/> | |
Last change to this card: 03 November 2021
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |