Avast identifies APT group targeting government agencies in East Asia. Analysis suggests that APT group LuckyMouse may be behind the attack and that they are using new and advanced tactics to access sensitive government data.
Avast, a global leader in digital security and privacy solutions, has identified a new Advanced Persistent Threat (APT) campaign targeting government agencies and a government data center in Mongolia.
APT group with new tactics
Avast Threat Intelligence analysts found that the APT group used backdoors and keyloggers to gain long-term access to Mongolian government networks. They assess that the hacking group LuckyMouse, also known as EmissaryPanda and APT27, which experts attribute to China, is likely behind the campaign. The group, which has previously attacked targets in the region, is known for seeking information about the national resources and politics of neighboring countries.
After further research and analysis, Avast researchers found that the group had updated its tactics. In this campaign, the group used the keyloggers and backdoors to upload a range of additional tools with which they scanned the target network and harvested credentials. Those credentials then gave them access to sensitive government data.
Vulnerable companies as a bridge
To reach the government infrastructure, the APT group first compromised a vulnerable company that provides services to the government. The initial foothold was a malicious email attachment: a document weaponized against CVE-2017-11882, the memory-corruption flaw in the Microsoft Office Equation Editor component, which the victim had not patched.
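A triage check a defender can run over suspicious attachments, as an added example that is not Avast's tooling and not code from the campaign: it flags documents that embed an Equation Editor object, the component CVE-2017-11882 lives in. The only facts it relies on are the public Equation Editor CLSID and ProgIDs; the three sample documents are constructed here, and the RTF one mimics the OLE1 object header layout (version, format ID, class-name length, class name) rather than reproducing any real lure.

```python
import re

# COM class of Microsoft Equation Editor (EQNEDT32.EXE), the component whose
# stack overflow is CVE-2017-11882. The CLSID is public knowledge.
EQUATION_CLSID = "0002CE02-0000-0000-C000-000000000046"
# ProgIDs under which that class is normally embedded in Office documents.
EQUATION_PROGIDS = (b"Equation.3", b"Equation.2")


def clsid_to_bytes(clsid: str) -> bytes:
    """Serialise a GUID the way OLE stores it on disk: first three fields little-endian."""
    a, b, c, d, e = clsid.split("-")
    return (int(a, 16).to_bytes(4, "little")
            + int(b, 16).to_bytes(2, "little")
            + int(c, 16).to_bytes(2, "little")
            + bytes.fromhex(d) + bytes.fromhex(e))


EQUATION_CLSID_BYTES = clsid_to_bytes(EQUATION_CLSID)


def extract_rtf_objdata(data: bytes) -> list[bytes]:
    """Decode the hex payload that follows each \\objdata control word in an RTF file.

    This is a deliberately simple parser: it stops at the first non-hex,
    non-whitespace byte, so obfuscated RTF that interleaves control words into
    the hex run will yield a truncated (or empty) blob.
    """
    blobs = []
    for m in re.finditer(rb"\\objdata\b", data):
        run = re.match(rb"[\s0-9a-fA-F]*", data[m.end():]).group(0)
        hexstr = re.sub(rb"\s", b"", run)
        if len(hexstr) % 2:            # tolerate a dangling trailing nibble
            hexstr = hexstr[:-1]
        if hexstr:
            blobs.append(bytes.fromhex(hexstr.decode("ascii")))
    return blobs


def scan_document(data: bytes) -> list[str]:
    """Return every indicator that the document embeds an Equation Editor object."""
    findings = []
    if re.search(rb"\\objclass\s+Equation\.", data):
        findings.append("rtf: \\objclass names Equation Editor")
    blobs = [("raw", data)]
    blobs += [(f"objdata[{i}]", b) for i, b in enumerate(extract_rtf_objdata(data))]
    for where, blob in blobs:
        if EQUATION_CLSID_BYTES in blob:
            findings.append(f"{where}: Equation Editor CLSID {EQUATION_CLSID}")
        for progid in EQUATION_PROGIDS:
            if progid in blob:
                findings.append(f"{where}: ProgID {progid.decode()}")
    return findings


# Constructed sample 1: RTF with an OLE1-style embedded object whose class name
# is Equation.3 (fields: OLEVersion, FormatID, ClassName length, "Equation.3\0").
RTF_SAMPLE = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Equation.3}"
    b"{\\*\\objdata 01050000 02000000 0b000000 4571756174696f6e2e3300 "
    b"00000000 00000000}}\\par}"
)

# Constructed sample 2: stand-in for a compound (OLE2) file: the CFB magic, padding,
# then the serialised Equation Editor CLSID and no ProgID string at all.
OLE_SAMPLE = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
              + EQUATION_CLSID_BYTES + b"\x00" * 16)

# Constructed sample 3: a benign RTF with no embedded object.
BENIGN_SAMPLE = b"{\\rtf1\\ansi Quarterly procurement summary\\par}"

if __name__ == "__main__":
    for name, sample in (("rtf", RTF_SAMPLE), ("ole", OLE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, scan_document(sample) or "clean")
```

The check looks for the object in three places (the `\objclass` control word, the decoded `\objdata` payload, and raw bytes) because weaponized RTFs routinely drop the ProgID and keep only the CLSID, or pad the hex run with junk control words to defeat naive parsers; a hit on any one marker is enough to quarantine the file for analysis, and a clean result is not proof of safety. The durable fix remains applying the November 2017 Office update that patched CVE-2017-11882.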
"The APT group LuckyMouse has been active since autumn 2017 and has escaped Avast's attention for the past two years by further developing its techniques and significantly changing its tactics. We identified their new approach and were able to expose the campaign against the Mongolian government and show how the group has developed its attacks in order to gain long-term access to sensitive data," says Luigino Camastra, malware researcher at Avast.
More on this in the security blog at Avast.io
About Avast
Avast (LSE: AVST), a FTSE 100 company, is a leading global provider of digital security and privacy products. Avast has over 400 million online users and offers products under the Avast and AVG brands that protect people from threats from the Internet and the evolving IoT threat landscape. The company's threat detection network is one of the most advanced in the world, using technologies like machine learning and artificial intelligence to detect and stop threats in real time. Avast's digital security products for mobile, PC and Mac have been top-rated and certified by VB100, AV-Comparatives, AV-Test, SE Labs and other test institutes.