Rising Ransomware Threats And Cybersecurity Challenges Facing Mongolia
Mongolia is experiencing an alarming increase in ransomware attacks, as highlighted by recent data from Ransom Monitor. Multiple domains, including government and healthcare services, have fallen victim to notorious threat actors such as funksec and darkvault. This escalating threat underscores the urgent need for enhanced cybersecurity measures across the nation.

As cybercriminals intensify their efforts, vulnerabilities within Mongolia’s digital infrastructure are being exploited, prompting a critical reassessment of cybersecurity strategies. Alongside these ransomware challenges, other sophisticated cyber threats, including espionage and spyware activities, have emerged, further complicating Mongolia’s cybersecurity landscape.

Rising Ransomware Threats Targeting Mongolia’s

Recent incidents listed on Ransom Monitor reveal a surge in ransomware attacks affecting multiple Mongolian government bodies and companies, highlighting the urgent need for enhanced cybersecurity measures in the country. Threat actors: funksec (most incidents), darkvault, spacebears.

Mongolia’s Key Contributions to Interpol’s Operation Synergia II Against Global Cybercrime

During Operation Synergia II, Mongolian authorities successfully raided 21 houses, uncovering a server and identifying 93 individuals linked to illegal cyber activities.

>> https://www.hendryadrian.com/operation-synergia-ii-sees-interpol-swoop-on-cybercriminals/

The Mongolian Police Service website, service.police.gov.mn, has been HACKED.

Notified by: OurSec
Date: Thu, 16 May 2024 00:08:07 +0000
URL: http://service.police.gov.mn/OurSec.html
Country: Mongolia
Sector: Police — Law enforcement agency responsible for maintaining public order and safety.

>> https://www.hendryadrian.com/hacked-police-gov-mn/

Mongolia Included in Global Concerns Over Predator Spyware

Research indicates that Predator spyware, linked to the Intellexa Consortium, has potentially been deployed in Mongolia, as the U.S. escalates sanctions to hold accountable those facilitating the spread of disruptive technologies.

>> https://www.hendryadrian.com/us-hits-intellexa-spyware-maker-with-more-sanctions/

Predator Spyware Expands Its Reach, Including Mongolia in New Malware Network

Insikt Group’s report reveals that the notorious Predator spyware now operates in Mongolia, among at least 11 other countries, as it revamps its delivery infrastructure to enhance its malicious capabilities.

>> https://www.hendryadrian.com/predator-spyware-alive-well-and-expanding/

As NSO Group is ordered to reveal details about its Pegasus spyware, new reports indicate Mongolia is part of a multi-tiered delivery infrastructure linked to mercenary spyware, intensifying concerns over cybersecurity and privacy in the region.

>> https://www.hendryadrian.com/u-s-court-orders-nso-group-to-hand-over-pegasus-spyware-code-to-whatsapp/

APT29 Targets Mongolia’s Government Sites with Sophisticated Exploits

Recent exploit campaigns attributed to the Russian-backed APT29 have successfully targeted Mongolian government websites via watering hole attacks, utilizing vulnerabilities similar to those previously exploited by commercial surveillance vendors, highlighting a persistent threat to national cybersecurity.

>> https://www.hendryadrian.com/apt-quarterly-highlights-third-quarter-2024/

Operation ShadowCat Targets Political Observers in Mongolia Amid Stealthy RAT Campaign

Operation ShadowCat, a Remote Access Trojan (RAT) campaign, is strategically targeting political observers in Mongolia, leveraging geo-location checks to avoid detection in specific regions while employing sophisticated steganography techniques.

>> https://www.hendryadrian.com/operation-shadowcat-stealthy-rat-targets-indian-political-observers/

Targeting Mongolia: APT Campaign Exploits Geocities for Malware Distribution

An APT phishing campaign linked to Geocities reveals attempts to infect Mongolia-related users with sophisticated malware, utilizing PowerShell for stealthy execution and employing VBScript and multiple base64 encodings to evade detection.

>> https://www.hendryadrian.com/mmd-0068-2024-fhappi-campaign-apt10-freehosting-apt-powersploit-poison-ivy/

Mustang Panda APT Targets Mongolia in Multi-Region Cyber Campaign

Recent analysis reveals that the Mustang Panda APT group is conducting sophisticated cyber espionage activities aimed at government and NGO sectors in Mongolia, employing malicious LNK files and advanced evasion techniques to execute their payloads.

>> https://www.hendryadrian.com/vietnamese-entities-targeted-by-china-linked-mustang-panda-in-cyber-espionage/

Stately Taurus APT Targets Mongolia Amid ASEAN Cyberespionage Operations

Recent investigations reveal that the Stately Taurus APT group has expanded its cyberespionage activities to include Mongolia, with indicators of compromise such as the string ‘estmongolia’ (Eastern Mongolia) suggesting potential malicious intent in the region.

>> https://www.hendryadrian.com/stately-taurus-apt-group-targets-asian-countries-what-do-the-campaign-iocs-reveal/

TransparentTribe APT Expands Focus to Include Mongolia in Cyber Espionage Activities

Recent observations indicate that TransparentTribe, an APT group operating out of Pakistan, has broadened its cyber espionage efforts to target Mongolia, employing tactics such as fake websites and custom malware like Crimson RAT to compromise sensitive information.

>> https://www.hendryadrian.com/threat-actor-profile-transparenttribe/

I-Soon’s Intelligence Operations Target Mongolia’s Key Government Entities

Recent leaks reveal that I-Soon has specifically targeted Mongolia’s Ministry of Foreign Affairs, Police, and telecommunications sectors, showcasing a wide-ranging approach to intelligence collection that includes both espionage and domestic surveillance.

>> https://www.hendryadrian.com/a-comprehensive-analysis-of-i-soons-commercial-offering/

KONNI Operations Highlight Targeting of Mongolia in Russian Foreign Policy Context

Recent findings indicate that KONNI has been deployed in cyberespionage activities aimed at Russian foreign policy targets, with notable campaigns utilizing Russian-language lures related to the Russian-Mongolian intergovernmental commission and other regional diplomatic issues.

>> https://www.hendryadrian.com/to-russia-with-love-assessing-a-konni-backdoored-suspected-russian-consular-software-installer/

Earth Preta Targets Mongolia with DOPLUGS Malware in Recent Campaign

The Earth Preta APT group’s recent campaign utilizing the customized DOPLUGS malware has explicitly targeted Mongolia, evidenced by phishing decoys linked to local events, highlighting their broadened focus beyond traditional targets in Asia.

>> https://www.hendryadrian.com/earth-preta-campaign-uses-doplugs-to-target-asia/