April 18, 2025 By Sergiu Gatlan
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware.
Security researchers at Kaspersky's Global Research and Analysis Team (GReAT) spotted the updated implant while investigating recent attacks in which the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word document. The script downloaded second-stage payloads and gained persistence on compromised systems.
One of the malicious payloads is an unknown intermediary backdoor that helps transfer files between the command-and-control servers and hacked devices, run command shells, create new processes, delete files, and more.