TwoSail JunkTwoSail Junk

Also known as: Operation Poisoned News · TwoSail Junk

Known aliases
2

Profile

TwoSail Junk directs visitors to its exploit site by posting links within the threads of forum discussions, or creating new topic threads of their own. To date, dozens of visits were recorded from within Hong Kong, with a couple from Macau. The technical details around the functionality of the iOS implant, called LightSpy, and related infrastructure, reveal a low-to-mid capable actor. However, the iOS implant is a modular and exhaustively functional iOS surveillance framework.

Aliases· 2

Operation Poisoned NewsTwoSail Junk

References

  1. https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/
  2. https://securelist.com/apt-annual-review-what-the-worlds-threat-actors-got-up-to-in-2020/99574/
  3. https://www.redpacketsecurity.com/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/?utm_source=rss&utm_medium=rss&utm_campaign=operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
BrazenBamboo
Actor
POISON CARP
Actor
TraderTraitor
Actor
DarkHotel
Actor
UNC6691
Actor
GreenSpot
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.