Avast_Threat_ Research: The APT group targeting Mongolia's government
#1
Bug 
Quote:
[Image: Mongolian-flag.jpg]

LuckyMouse, an APT group using new and advanced tactics to access sensitive government data, could be behind the attack

Our team has identified a new advanced persistent threat (APT) campaign targeting government agencies and a government data center in Mongolia.

The APT group planted backdoors and keyloggers to gain long-term access to government networks and then uploaded a variety of tools that they used to perform additional activities on the compromised networks, such as scanning of the local network and dumping credentials. We presume that the main aim of cyber-espionage was the exfiltration of sensitive data from potentially interesting government agencies.

LuckyMouse, also known as EmissaryPanda and APT27, is likely to be behind the APT campaign. The group has previously attacked targets in the area and is well known for going after national resources and political information on near neighbors. 

What is an APT group?

APT groups are malicious organizations that target national information assets crucial to a country’s economy and infrastructure. APT groups are elusive, organized, and highly skilled at what they do. It’s not uncommon for APT attackers to carry out cyberattacks on a longer-term basis than other types of cybercriminals, meaning that numerous attacks from the same APT group could resurface over the course of months or even years.

Details of the cyberattack

Following our research and analysis, we noticed that the group has updated their tactics. For this attack, the group used both keyloggers and backdoors to upload a variety of tools that they used to scan the target network and dump credentials. They used this to access sensitive government data.

The tactics used by the APT group to access the infrastructure of government institutions include accessing a vulnerable company that was providing services to the government, as well as a malicious email attachment that used weaponized documents via an unpatched CVE-2017-11882 vulnerability.

“The APT group Lucky Mouse has been active since autumn 2017 and has been able to avoid Avast’s attention during the last two years due to their evolving techniques and marked change of tactics,” says Luigino Camastra, malware researcher at Avast. “We were able to detect their new tactics to discover this campaign targeting the Mongolian government, showing how they’ve scaled their operations to be more advanced to gain longer term access to sensitive data.”

Using the samples that our team analyzed, we protected the users in the government institution and national data center from further attacks.

For an in-depth look at this APT group attack, check out a detailed technical summary on Avast Decoded.
...
Continue Reading
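The one concrete initial-access vector the quoted article names is a weaponized document exploiting CVE-2017-11882, a bug in Microsoft's Equation Editor (eqnedt32.exe). Equation Editor has no legitimate reason to launch other programs, so a process-creation event whose parent is eqnedt32.exe is a strong detection signal for that vector. The following is an added example written for this page, not code from Avast or from the report: the event records are constructed, the host names and paths are hypothetical, and the field names (Image, ParentImage, CommandLine, Computer) are assumed to follow the shape of Sysmon event ID 1 logs.

```python
"""Added example: flag child processes of Microsoft Equation Editor
(eqnedt32.exe), the component exploited by CVE-2017-11882. Not Avast's
code; sample events below are constructed and field names are assumed to
follow Sysmon event ID 1."""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Children that raise severity: shells, script hosts and living-off-the-land
# binaries commonly used by document exploits to fetch or run a second stage.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}

EQUATION_EDITOR = "eqnedt32.exe"

# Constructed sample events (hypothetical hosts and paths, not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # Word launching Equation Editor to render a formula: normal, not flagged.
        "Computer": "ws-constructed-01",
        "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
        "Image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
        "CommandLine": '"EQNEDT32.EXE" -Embedding',
    },
    {   # Equation Editor spawning a shell: the classic CVE-2017-11882 pattern.
        "Computer": "ws-constructed-01",
        "ParentImage": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c echo constructed-sample",
    },
    {   # Equation Editor spawning an unexpected binary that is not a known LOLBin.
        "Computer": "ws-constructed-02",
        "ParentImage": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
        "Image": r"C:\Users\Public\update.exe",
        "CommandLine": "update.exe",
    },
    {   # Ordinary user activity: cmd.exe started from Explorer, not flagged.
        "Computer": "ws-constructed-02",
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe",
    },
]


@dataclass
class Alert:
    host: str
    parent: str
    child: str
    command_line: str
    severity: str   # "high" or "medium"
    reason: str


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_equation_editor_children(events: Iterable[Dict[str, str]]) -> List[Alert]:
    """Return one Alert per process whose parent image is Equation Editor."""
    alerts: List[Alert] = []
    for ev in events:
        parent = image_name(ev.get("ParentImage", ""))
        if parent != EQUATION_EDITOR:
            continue
        child = image_name(ev.get("Image", ""))
        if child in HIGH_RISK_CHILDREN:
            severity = "high"
            reason = ("Equation Editor spawned a shell or script host; consistent "
                      "with CVE-2017-11882 exploitation from a weaponized document")
        else:
            severity = "medium"
            reason = "Equation Editor spawned an unexpected child process"
        alerts.append(Alert(ev.get("Computer", "?"), parent, child,
                            ev.get("CommandLine", ""), severity, reason))
    return alerts


if __name__ == "__main__":
    for a in detect_equation_editor_children(SAMPLE_EVENTS):
        print(f"[{a.severity.upper()}] {a.host}: {a.parent} -> {a.child} "
              f"({a.command_line}) :: {a.reason}")
```

Run against the constructed events, the heuristic raises two alerts (the cmd.exe child as high severity, the unknown update.exe child as medium) and ignores the two benign events. Because the rule keys on the parent image rather than on any specific payload, it also catches variants the article does not describe; the trade-off is that it depends on process-creation telemetry with parent-image fields being collected on endpoints.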