Summary: Kaspersky’s Global Research and Analysis Team has reported the resurgence of the IronHusky APT group, which is targeting Russia and Mongolia with a new version of the MysterySnail RAT. This new implant takes advantage of previously known vulnerabilities and uses sophisticated evasion techniques. Despite being relatively quiet since 2021, the group has been observed using a modular architecture for their attacks, indicating ongoing operations.
Affected: Government organizations in Mongolia and Russia
Keypoints:
- IronHusky, a Chinese-speaking APT group, is back with a new variant of the MysterySnail RAT focused on espionage.
- The latest attacks utilized cleverly disguised lures, including fake documents from Mongolia’s National Land Agency.
- The MysterySnail RAT has evolved into a modular architecture, with new deployment variations like MysteryMonoSnail, which uses WebSocket communication.
Source: https://securityonline.info/ironhusky-apt-resurfaces-with-evolved-mysterysnail-rat/