Latest LuckyMouse Trojan Set Against Government Institutions

Security experts report that the LuckyMouse hacking group has devised a new malicious threat that uses a highly advanced infiltration pattern. The new LuckyMouse Trojan is capable of infecting high-profile networks and is classified as a critical infection.

LuckyMouse Trojan Attacks in the Past

The LuckyMouse hacking group, whose main weapon is the LuckyMouse Trojan, is a notorious collective known for high-impact attack campaigns. One of its most recognizable operations, involving a previous iteration of the Trojan, is the June 2018 attack against a national data center in Central Asia. Security researchers found that the attackers had gained access to the restricted network and the government resources hosted on it.

A complex behavior pattern was observed that bypassed the security controls deployed and configured to repel attacks. According to the reports released after the incident, the main infiltration mechanism had not been identified with certainty; the suspected vector is a weaponized document. The analysts recovered documents carrying exploit code for CVE-2017-11882 in Microsoft Office, the buffer overflow in the legacy Equation Editor component (EQNEDT32.EXE) that Microsoft had patched in November 2017, so the attack relied on targets that had not yet applied that update. Opening such a document is believed to have deployed the initial payload dropper. The advisory's description reads as follows:

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11884.
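A triage check for documents of this kind, added here as an example and not code from the original post or from any LuckyMouse tooling: Equation Editor objects are rare in ordinary business documents, so the presence of the Equation Editor COM class ID, the `Equation.3` ProgID, or the `Equation Native` stream name is a strong reason to route a file to a sandbox. The CLSID and stream name are public facts about Equation Editor; the sample documents below are constructed inline for the demonstration and are not real exploit files. The decoder handles the common evasion where the RTF omits `\objclass` and the object can only be identified by hex-decoding `\objdata`.

```python
import re
import uuid

# COM class ID of the legacy Equation Editor (EQNEDT32.EXE), the component
# targeted by CVE-2017-11882. Documents that embed an Equation Editor object
# carry this CLSID (OLE2) or the "Equation.3" ProgID (RTF \objclass).
EQNEDT_CLSID = "0002CE02-0000-0000-C000-000000000046"
# OLE2 directory entries store GUIDs in mixed-endian ("little-endian") form.
EQNEDT_CLSID_BYTES = uuid.UUID(EQNEDT_CLSID).bytes_le
# Name of the stream that holds the equation data, UTF-16LE in the OLE2 directory.
EQUATION_NATIVE_UTF16 = "Equation Native".encode("utf-16-le")


def decode_rtf_objdata(data: bytes) -> bytes:
    """Hex-decode every \\objdata payload in an RTF body.

    Exploit RTFs often omit or mangle \\objclass, so the embedded OLE object
    must be decoded and inspected rather than trusting the declared class.
    """
    decoded = b""
    for match in re.finditer(rb"\\objdata\s*([0-9a-fA-F\s]+)", data):
        hexstr = re.sub(rb"\s+", b"", match.group(1))
        if len(hexstr) % 2:          # tolerate a truncated trailing nibble
            hexstr = hexstr[:-1]
        decoded += bytes.fromhex(hexstr.decode("ascii"))
    return decoded


def scan_document(data: bytes) -> list:
    """Return the sorted list of Equation Editor indicators found in a document.

    Works on raw RTF, raw OLE2 (.doc) bytes, and on the hex-decoded OLE objects
    embedded in RTF. A hit means the file embeds an Equation Editor object,
    which is unusual in normal documents but is not proof of exploitation.
    """
    haystack = data + decode_rtf_objdata(data)
    found = set()
    if re.search(rb"Equation\.[23]", haystack):
        found.add("equation-progid")
    if EQUATION_NATIVE_UTF16 in haystack:
        found.add("equation-native-stream")
    if EQNEDT_CLSID_BYTES in haystack or EQNEDT_CLSID.encode("ascii") in haystack:
        found.add("eqnedt-clsid")
    return sorted(found)


# --- Constructed samples (not real malware, not from the campaign) ---
BENIGN_RTF = b"{\\rtf1\\ansi Quarterly budget summary with no embedded objects.}"

# Declares the Equation Editor object openly via \objclass.
OBJCLASS_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Equation.3}"
    b"{\\*\\objdata 0105000002000000}}}"
)

# Omits \objclass; the object is only identifiable after decoding \objdata.
# Line breaks inside the hex run are legal RTF and must be tolerated.
_hidden_hex = (EQUATION_NATIVE_UTF16 + EQNEDT_CLSID_BYTES).hex().encode("ascii")
HIDDEN_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata "
    + _hidden_hex[:20] + b"\r\n" + _hidden_hex[20:] + b"}}}"
)

# Minimal OLE2-like byte string: compound-file magic followed by a directory
# entry fragment naming the "Equation Native" stream and the CLSID.
OLE_SAMPLE = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8
    + EQUATION_NATIVE_UTF16 + b"\x00\x00" + EQNEDT_CLSID_BYTES
)

if __name__ == "__main__":
    for name, blob in [("benign", BENIGN_RTF), ("objclass", OBJCLASS_RTF),
                       ("hidden", HIDDEN_RTF), ("ole2", OLE_SAMPLE)]:
        print(f"{name:9s} -> {scan_document(blob)}")
```

A positive result only says the document embeds an Equation Editor object; confirming exploitation means opening the file in an instrumented sandbox or disassembling the `Equation Native` stream. On the preventive side, the real fix is the November 2017 Office update (Microsoft later removed Equation Editor from Office altogether); the documented interim workaround was to set the COM Compatibility Flags value for the CLSID above to 0x400, which blocks Office from instantiating the control at all.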

From there on, several advanced stealth modules are loaded in order to hide the infection from any security services:

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Martin Beltov.