APT group: IronHusky| Names | IronHusky (Kaspersky) BBCY-TA1 (BlackBerry) | |
| Country |  China | |
| Motivation | Information theft and espionage | |
| First seen | 2017 | |
| Description | (Kaspersky) IronHusky is a Chinese-speaking actor that we first detected in summer 2017. It is very focused on tracking the geopolitical agenda of targets in central Asia with a special focus in Mongolia, which seems to be an unusual target. This actor crafts campaigns for upcoming events of interest. In this case, they prepared and launched one right before a meeting with the International Monetary Fund and the Mongolian government at the end of January 2018. At the same time, they stopped their previous operations targeting Russian military contractors, which speaks volumes about the group’s limitations. In this new campaign, they exploited CVE-2017-11882 to spread common RATs typically used by Chinese-speaking groups, such as PlugX and PoisonIvy. | |
| Observed | Sectors: Defense, Financial, Government. Countries: Mongolia, Russia. | |
| Tools used | Poison Ivy, PlugX. | |
| Information | <https://securelist.com/apt-trends-report-q1-2018/85280/> | |
Last change to this card: 29 April 2020
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |