LuckyMouse uses malicious NDISProxy Windows driver to target gov’t entities

The LuckyMouse advanced persistent threat (APT) is back with a twist in tactics that harnesses LeagSoft certificates to spread Trojans by way of malicious NDISProxy drivers.

It was back in June that researchers discovered that LuckyMouse, also known as EmissaryPanda and APT27, had targeted a national data center containing Asian government resources.

In that previous campaign, LuckyMouse used malicious documents embedded with macros that exploited a widely known Microsoft Word vulnerability. The Chinese-speaking threat group chose the center in order to steal a “wide range of government resources at one fell swoop.”

Source: ZDNet