EmissarySoldier compromises government networks and private companies in the Middle East

In News

The cyber threats such as cyberespionage, ransomware and supply-chain attacks are on the rise and above all, the most formidable challenge, and foe, shared by all governments is advanced persistent threat (APT) groups. 
APT groups leveraging evolved tools
ESET recently issued an industry report on government that examines the threatscape APT actors are erecting, and underlines its complex nature with an exclusive look at EmissarySoldier, a malicious campaign brought to bear by the LuckyMouse APT group using its SysUpdate toolkit to compromise machines, some of which were running the popular application Microsoft SharePoint.

This dive into LuckyMouse examines its relatively unknown SysUpdate toolkit – the first samples of which were discovered in 2018. Since then, the toolkit has seen various development stages. LuckyMouse’s current modus operandi is to install its implants via a so-called trident model that uses three components: a legitimate application vulnerable to DLL hijacking, a custom DLL that loads the payload and a raw Shikata Ga Nai-encoded binary payload. Since SysUpdate’s modular architecture enables its operators to limit exposure of malicious artifacts at will, ESET researchers did not retrieve any malicious modules and expect this to be an ongoing challenge in future analyses. Regardless, LuckyMouse increased its activity in 2020, seemingly going through a retooling process where various features were being incrementally integrated into SysUpdate’s toolset.

The evolution of tools leveraged by APT groups like LuckyMouse is of key concern as governments are vested with the responsibility to ensure stability for citizens, the business environment and engagement with other nation-states. These tasks of governance are under threat as LuckyMouse and other APT groups, including state actors and their collaborators, home in on widespread collaboration platforms like Microsoft SharePoint and digital by default service provision.


You may also read!

Multi-Cloud requires impeccable digital hygiene

Dave Russell, Vice President, Enterprise Strategy at Veeam Software elaborates on how businesses looking to deliberately form a multi-cloud


Manufacturing firms looking to sustain innovative ways of working post-COVID

Research commissioned by ServiceNow, shows that whilst the conditions created by the pandemic have enabled an environment for innovation


Fortinet extends security fabric to accelerate 5G adoption

Fortinet announced the new FortiGate 7121F and FortiExtender 511F-5G to further secure and accelerate 5G adoption. Powered by Fortinet’s


Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu