Chinese Sponsored Criminal Hacker Groups Target Official Agencies in Mongolia

ESET researchers discovered that Chinese APT groups have used a chat client, part of a business suite used by most Mongolian government agencies, as a digital backdoor.

It was not specified when the attacks occurred or which agencies were affected.

Able Desktop, which is used by 430 government agencies in Mongolia, was used as a vector to deliver the HyperBro backdoor and the Korplug RAT Trojan payloads.

HyperBro is a backdoor commonly attributed to the LuckyMouse APT, which was believed to be a Chinese state-sponsored group.

The hackers reportedly used the Able Desktop chat app to spread the Tmanager trojans via email to gain access to the computers of government employees.

Aside from phishing tactics, the hackers also managed to penetrate Able’s backend and take control of the system that delivers software updates.

ESET was not able to pin the blame on a particular group; most of the tools that were used are linked to many other Chinese APTs, such as CactusPete, TICK, IceFog, KeyBoy, and the umbrella group Winnti.


© Fourth Estate® — All Rights Reserved.