Avast Identifies APT Group Targeting Government Agencies in East Asia
PRAGUE, Dec. 9, 2020 /PRNewswire/ -- Avast (LSE:AVST), a global leader in digital security and privacy products, has identified a new advanced persistent threat (APT) campaign targeting government agencies and a government data center in Mongolia.
Avast Threat Intelligence researchers found that the APT group planted backdoors and keyloggers to gain long-term access to networks belonging to the government of Mongolia. Avast researchers consider that LuckyMouse, also known as EmissaryPanda and APT27, is likely to be behind the APT campaign. The group, which has previously attacked targets in the area, is well known for going after national resources and political information on near neighbors.
Following research and analysis, Avast researchers noticed the group has updated their tactics. For this attack, the group used both keyloggers and backdoors to upload a variety of tools that they used to scan the target network and dump credentials. They used this to access sensitive government data.
The tactics used by the APT group to access the infrastructure of government institutions include gaining access through a vulnerable company that was providing services to the government, and sending malicious email attachments, weaponized documents that exploited an unpatched CVE-2017-11882 vulnerability.
"The APT group Lucky Mouse has been active since Autumn 2017 and has been able to avoid Avast attention in the last two years due to their evolving techniques and marked change of tactics. We were able to detect their new tactics to discover this campaign targeting the Mongolian government, showing how they've scaled their operations to be more advanced to gain longer term access to sensitive data," says Luigino Camastra, malware researcher at Avast.
A detailed technical summary can be found on the Avast Threat Intelligence blog Decoded.
Avast (LSE: AVST), a FTSE 100 company, is a global leader in digital security and privacy products. With over 435 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company's threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Visit: www.avast.com