Summary: A complex multi-stage attack has been observed delivering malware such as Agent Tesla variants and Remcos RAT, starting from a deceptive phishing email. The attack uses several methods for payload delivery and execution, including PowerShell scripts and encoded files, which complicates detection. Separately, a new version of the MysterySnail RAT is being used by a Chinese-speaking threat actor tracked as IronHusky to target government organizations in Mongolia and Russia.
Affected: Government organizations in Mongolia and Russia
Key points:
- Multi-stage attack begins with a phishing email containing a malicious 7-zip archive.
- Payload delivery involves PowerShell scripts and is designed to evade traditional cybersecurity measures.
- IronHusky is using a new version of MysterySnail RAT, capable of executing a range of commands including file management and process control.
- In the latest variants, the attackers use lighter versions of the RAT to bypass the detection mechanisms deployed by targeted organizations.
Source: https://thehackernews.com/2025/04/multi-stage-malware-attack-uses-jse-and.html