Chinese hackers target Russian govt with upgraded RAT malware

Summary: Chinese-speaking IronHusky hackers are employing an upgraded version of the MysterySnail remote access trojan (RAT) to target Russian and Mongolian government organizations. This new variant, named MysteryMonoSnail, facilitates advanced control over compromised devices via a malicious script disguised as a Word document, allowing attackers to manage files and processes effectively. The attacks reflect ongoing espionage efforts by the group, which has a history of targeting governmental and military entities since at least 2017.

Affected: Russian and Mongolian government organizations

Key points:

  • IronHusky hackers are targeting Russian and Mongolian government organizations.
  • The upgraded RAT, named MysteryMonoSnail, allows extensive control over compromised devices.
  • Kaspersky researchers have observed continued attacks even after blocking earlier versions of the malware.
  • The original MysterySnail RAT was first detected in 2021 during widespread espionage operations.
  • The Chinese APT group has a history of exploiting vulnerabilities to deploy malware similar to RATs used by other Chinese groups.

Source: https://www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/