Avast Identifies APT Group Targeting Multiple East Asian Government Agencies


According to the investigation conducted by Avast, the LuckyMouse group could be the author of this attack campaign which uses sophisticated new tactics to gain access to confidential government data.


Tribune - Avast, specialist in online security and privacy products, has identified a new Advanced Persistent Threat (APT) campaign carried out against government agencies and a data center operated by the Government of Mongolia.


Researchers from the Avast Threat Intelligence team discovered that the APT group had installed backdoors and keyloggers to gain long-term access to Mongolian government networks. Avast researchers believe the LuckyMouse group, also known as EmissaryPanda and APT27, is behind this APT campaign. Responsible for targeted attacks in the region, the group is known to attack national resources and to steal political information concerning neighboring countries.


During their investigation and analysis, Avast researchers noticed that the group had changed its tactics. In this attack, it combined keyloggers with backdoors in order to upload various tools capable of mapping the target's network and harvesting credentials. These tools also gave the attackers access to sensitive government data.


To gain access to the Mongolian administration's infrastructure, the APT group notably compromised a vulnerable company that provides services to the government and sent a malicious email with an infected attachment: weaponized documents exploiting the unpatched CVE-2017-11882 vulnerability.
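The CVE-2017-11882 exploitation path described above (a lure document that abuses the Microsoft Office Equation Editor) leaves a distinctive host trace: the Equation Editor process, EQNEDT32.EXE, spawning another program, which it has no legitimate reason to do. The following detection is added here as an illustration and is not part of Avast's report or tooling; it runs that check over constructed Sysmon-style process-creation events (the key="value" log format, the sample paths and the command lines are all assumptions).

```python
"""Flag child processes spawned by the Office Equation Editor (EQNEDT32.EXE).

CVE-2017-11882 is a memory corruption bug in the Equation Editor component of
Microsoft Office; exploitation typically ends with EQNEDT32.EXE launching a
payload. A process-creation event whose parent is EQNEDT32.EXE is therefore a
high-fidelity signal. The log format below is a constructed key="value"
rendering of Sysmon-style events (an assumption, not a real export format).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

EQUATION_EDITOR = "eqnedt32.exe"

# Interpreters and living-off-the-land binaries commonly seen as a first stage.
# Any child of the Equation Editor is suspicious; these get the highest severity.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

_FIELD = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    severity: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> Optional[ProcessEvent]:
    """Parse one constructed log line; return None for non-process-creation events."""
    fields = dict(_FIELD.findall(line))
    if fields.get("EventID") != "1":  # 1 = process creation in Sysmon
        return None
    return ProcessEvent(
        parent_image=fields.get("ParentImage", ""),
        image=fields.get("Image", ""),
        command_line=fields.get("CommandLine", ""),
    )


def check_event(ev: ProcessEvent) -> Optional[Finding]:
    """Return a Finding if the Equation Editor spawned a child process."""
    if _basename(ev.parent_image) != EQUATION_EDITOR:
        return None
    severity = "high" if _basename(ev.image) in HIGH_RISK_CHILDREN else "medium"
    return Finding(severity, ev.image, ev.command_line)


def scan(lines: List[str]) -> List[Finding]:
    """Run the detection over a batch of log lines and collect findings."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        finding = check_event(ev)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample events: Word legitimately starting the Equation Editor,
# the Equation Editor spawning cmd.exe and then a dropped binary (exploit
# behaviour), a network event, and an unrelated shell launched from Explorer.
SAMPLE_LOG = [
    'EventID="1" ParentImage="C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE" '
    'Image="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" '
    'CommandLine="EQNEDT32.EXE -Embedding"',
    'EventID="1" ParentImage="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" '
    'Image="C:\\Windows\\System32\\cmd.exe" CommandLine="cmd.exe /c update.exe"',
    'EventID="1" ParentImage="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" '
    'Image="C:\\Users\\user\\AppData\\Local\\Temp\\update.exe" CommandLine="update.exe"',
    'EventID="3" Image="C:\\Windows\\System32\\svchost.exe" DestinationIp="10.0.0.5"',
    'EventID="1" ParentImage="C:\\Windows\\explorer.exe" Image="C:\\Windows\\System32\\cmd.exe" '
    'CommandLine="cmd.exe"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] Equation Editor spawned {f.image}: {f.command_line}")
```

The parent-process check is independent of the file names or hashes of any particular lure, which is what makes it durable against a group that, as the article notes, keeps changing its tooling; patching the Equation Editor removes the exploit path entirely, and the detection then serves to confirm that no unpatched hosts remain.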

"The LuckyMouse APT group has been active since fall 2017," explains Luigino Camastra, malware researcher at Avast. "It managed to evade Avast for two years through the use of constantly evolving techniques and a significant change in approach. We managed to detect its new tactics and uncover a campaign that had the Mongolian government in its sights. We thus realized to what extent the group has broadened its activities, and become more sophisticated, to obtain longer-term access to sensitive data."

