SongXYSongXY

Also known as: SongXY

Known aliases
1

Profile

SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2018-0798 vulnerability in Microsoft Equation Editor. In one instance, they sent a document containing a link to an attacker-controlled server, which automatically triggered upon opening, allowing them to gather information about the target's system configuration.

Aliases· 1

SongXY

References

  1. https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/
  2. http://www.ptsecurity.com/upload/corporate/ww-en/analytics/APT-Attacks-eng.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
TA428
Actor
Xiaoqiying
Actor
SharpPanda
Actor
BRONZE SPRING
Actor
APT16
Actor
Earth Yako
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.