Endpoint/Device Security, Application security

Lucky Mouse APT using chat app in cross-platform infiltration campaign

Cybersecurity groups SEKOIA and Trend Micro have released reports detailing the activities of China-based advanced persistent threat actor Lucky Mouse and its use of a trojanized version of the MiMi chat application to attack systems, according to The Hacker News. Lucky Mouse, also known as APT27, Iron Tiger, Bronze Union and Emissary Panda, has been active since 2013 and is known for breaching targeted networks for political and cyberespionage purposes in line with China's interests. Its latest campaign has affected up to 13 entities in the Philippines and Taiwan, including eight that were hit by rshell attacks, with the first breach reported in mid-July 2021. The APT's recent activity uses a version of the chat application MiMi whose installer files have been compromised to download and install HyperBro samples on Windows systems and rshell artifacts on Linux and macOS systems. The campaign marks Lucky Mouse's first attempt to breach macOS devices.
