IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia


Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several years.

Kaspersky researchers observed the latter situation with an implant that we dubbed MysterySnail RAT. The researchers discovered it back in 2021, when they were investigating the CVE-2021-40449 zero-day vulnerability. At that time, Kaspersky identified this backdoor as related to the IronHusky APT, a Chinese-speaking threat actor operating since at least 2017. Since they published a blogpost on this implant, there have been no public reports about it, and its whereabouts have remained unknown.

Read more…
Source: kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Crucial iPhone source code posted in unprecedented leak

    February 8, 2018

    Critical, top secret Apple code for the iPhone’s operating system was posted on Github, opening a new, dangerous avenue for hackers and jailbreakers to access the device, Motherboard reported. The code, known as “iBoot,” has since been pulled, but Apple may have confirmed it was the real deal when it issued a DMCA takedown to Github, as Twitter user ...

  • X.509 metadata can carry information through the firewall

    February 6, 2018

    A security researcher, who last year demonstrated that X.509 certificate exchanges could carry malicious traffic, has now published his proof-of-concept code. Fidelis Cybersecurity’s Jason Reaves has disclosed a covert channel that uses fields in X.509 extensions to sneak data out of corporate networks. The X.509 standard defines the characteristics of public key certificates, and anchors much of ...

  • Meltdown-Spectre: Malware is already being tested by attackers

    February 1, 2018

    German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs. “So far, the AV-Test Institute discovered 139 samples that appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754,” the company wrote on Twitter. The company has posted SHA-256 hashes of several ...

  • Ransomware: Is time running out for the biggest menace on the web?

    January 26, 2018

    Ransomware attacks like WannaCry and Petya caused major chaos last year, while the likes of Locky and Cerber were less high-profile, but still managed to generate large amounts of income for their criminal creators. 2017 was the year of ransomware, but it could be that the file-encrypting malware has already reached its peak, as an analysis of cybercriminal campaigns appears to show that malicious ...

  • Satori Author Linked to New Mirai Variant Masuta

    January 23, 2018

    Researchers at NewSky Security say the hacker behind a Mirai malware variant called Satori, also known as Mirai Okiru, is the same hacker behind two new Mirai variants called Masuta and PureMasuta. Based on source code for Masuta malware recently found on the dark web, researchers at NewSky Security said they were able to connect the ...

  • Triple Meltdown: How So Many Researchers Found A 20-Year-Old Chip Flaw At The Same Time.

    January 7, 2018

    On a cold Sunday early last month in the small Austrian city of Graz, three young researchers sat down in front of the computers in their homes and tried to break their most fundamental security protections. Two days earlier, in their lab at Graz’s University of Technology, Moritz Lipp, Daniel Gruss, and Michael Schwarz had determined to ...