After a long period of silence, the MysterySnail RAT malware, first linked to the Chinese-speaking threat group IronHusky APT in 2017, is now being actively used in attacks in Mongolia and Russia. Kaspersky research has revealed upgraded features, including five DLL modules for command execution and encrypted payloads that are loaded into memory via DLL hollowing. A further, simplified version, named MysteryMonoSnail, uses the WebSocket protocol and has 13 basic commands.

Chinese Hackers Update MysterySnail Malware to Infiltrate Sensitive Government Networks
The Chinese-speaking hacker group IronHusky has been deploying updated versions of the MysterySnail remote access trojan (RAT) malware against Russian and Mongolian government organizations. The