Lucky Mouse

Malware updated 23 days ago (2024-11-29T14:27:17.680Z)
Download STIX
Preview STIX
Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a malicious software (malware) attributed to a China-linked Advanced Persistent Threat (APT) group. This malware has been active since at least 2013, targeting various industry verticals for intelligence gathering. The threat actor, Lucky Mouse, is known for its sophisticated techniques, such as installing webshells on SharePoint servers and employing DLL search order hijacking to elevate privileges once inside the network. The activity of Lucky Mouse has been observed in relation to specific political events and geographical targets. In August 2022, Sekoia.io noted a significant increase in malware attacks, including Lucky Mouse, originating from China and targeting Taiwan, coinciding with the visit of the U.S. House of Representatives speaker to Taiwan. Moreover, in April 2019, Unit 42 documented the Emissary Panda threat group compromising government organizations in two different Middle Eastern countries by installing webshells on their SharePoint servers. In September 2023, new attacks utilizing an updated SysUpdate toolkit were deployed against an Asian government and a Middle East-based telecommunications provider. These attacks were linked to the Budworm operation, another alias for the APT group responsible for Lucky Mouse. Additionally, prior research into a malware called Gallium revealed tactical similarities with multiple Chinese nation-state groups, including APT10, APT27 (Lucky Mouse), and APT41, further emphasizing the complex landscape of cyber threats associated with these actors.
Description last updated: 2024-05-04T18:49:48.406Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Emissary Panda is a possible alias for Lucky Mouse. Emissary Panda, also known as APT27, Iron Tiger, Bronze Union, Budworm, Lucky Mouse, and Red Phoenix, is a threat actor linked to China. This group has been involved in cyberespionage activities with the primary goal of stealing intellectual property from organizations in sectors that China perceive
3
APT27 is a possible alias for Lucky Mouse. APT27, also known as Emissary Panda or Iron Taurus, is a threat actor suspected to be associated with China and has been involved in cyber operations primarily aimed at intellectual property theft. The group targets organizations globally, including those in North and South America, Europe, and the
3
BRONZE UNION is a possible alias for Lucky Mouse. Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.