Lucky Mouse

Malware updated 4 months ago (2024-05-04T19:30:19.565Z)

Download STIX

Preview STIX

Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a malicious software (malware) attributed to a China-linked Advanced Persistent Threat (APT) group. This malware has been active since at least 2013, targeting various industry verticals for intelligence gathering. The threat actor, Lucky Mouse, is known for its sophisticated techniques, such as installing webshells on SharePoint servers and employing DLL search order hijacking to elevate privileges once inside the network. The activity of Lucky Mouse has been observed in relation to specific political events and geographical targets. In August 2022, Sekoia.io noted a significant increase in malware attacks, including Lucky Mouse, originating from China and targeting Taiwan, coinciding with the visit of the U.S. House of Representatives speaker to Taiwan. Moreover, in April 2019, Unit 42 documented the Emissary Panda threat group compromising government organizations in two different Middle Eastern countries by installing webshells on their SharePoint servers. In September 2023, new attacks utilizing an updated SysUpdate toolkit were deployed against an Asian government and a Middle East-based telecommunications provider. These attacks were linked to the Budworm operation, another alias for the APT group responsible for Lucky Mouse. Additionally, prior research into a malware called Gallium revealed tactical similarities with multiple Chinese nation-state groups, including APT10, APT27 (Lucky Mouse), and APT41, further emphasizing the complex landscape of cyber threats associated with these actors.

Description last updated: 2024-05-04T18:49:48.406Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Emissary Panda	3	Emissary Panda, also known as APT27, Iron Tiger, Bronze Union, Lucky Mouse, and Budworm, is a notable threat actor linked to China. This group has been engaged in the theft of intellectual property from organizations in sectors that China perceives as being of vital strategic interest. The group has
APT27	3	APT27, also known as Iron Taurus, is a threat actor group suspected to be attributed to China. Engaging in cyber operations with the primary goal of intellectual property theft, APT27 targets organizations globally, with a focus on North and South America, Europe, and the Middle East. The group's mo
BRONZE UNION	2	Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Lucky Mouse Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	DDoS attack hits Russian flight booking system claimed by Ukrainian hackers
CERT-EU	a year ago	Asian government, telco targeted by Chinese APT
CERT-EU	a year ago	China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
CERT-EU	a year ago	My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
Securityaffairs	a year ago	Carderbee APT targets Hong Kong orgs via supply chain attacks
CERT-EU	a year ago	Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
CERT-EU	2 years ago	Cyber Security Today, March 3, 2023 – Bootkit can compromise Windows 11, a hacked container found and more \| IT World Canada News
MITRE	2 years ago	Emissary Panda Attacks Middle East Government SharePoint Servers