Targeted attacks against various government entities and organizations in Central Asia and the Middle East have been linked to the Chinese hacker group LuckyMouse. Collectively referred to as “EmissarySoldier,” the malicious activity from LuckyMouse in 2020 involved deploying the SysUpdate toolkit into breached organizations, which included government and diplomatic agencies, telecom providers, a TV media company, and a commercial bank.
LuckyMouse, also known as Iron Tiger, EmissaryPanda, APT 27, and Threat Group-3390, has been active since at least 2010 and has been the bad actor behind many attacks on US-based defense contractors as well. Since SysUpdate’s discovery in 2018, the group has continued to revise the malware. LuckyMouse has been increasingly active in 2020, according to ESET malware researcher Matthieu Faou. Read more in this article.
LuckyMouse is a sophisticated cyberespionage group known for its highly targeted cyberattacks on large entities worldwide, according to Kaspersky. What sets this group apart from other cyber-attack gangs is that LuckyMouse stole the digital certificate of an information-security software developer to try to avoid detection by security solutions. The stolen digital certificate is used to sign malware samples, so the signature alone is not evidence that a file is safe. LuckyMouse poses a threat to entire regions and seems to carry a political agenda, as it is being used for nation-state-backed cyberespionage.
Kaspersky lists these important ways to protect yourself from LuckyMouse and other hackers:
- Do not automatically trust the code running on your systems. Digital certificates do not guarantee the absence of backdoors.
- Use a robust security solution, equipped with malicious-behavior detection technologies that enable even previously unknown threats to be caught.
- Subscribe your organization’s security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques, and procedures of sophisticated threat actors.
Anyone can be targeted by a cyberespionage group at any moment. Governments, banks, and other organizations across the globe have been targeted by LuckyMouse alone. It is more crucial than ever for your organization to implement proper cybersecurity protocols that equip you to defend against malicious actors and protect not only your data, but your entire organization.