SongXY

MISP

Tipo:
Unknown

Paese:
Unknown

Prima attivita:
Unknown

Dettagli:

SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2018-0798 vulnerability in Microsoft Equation Editor. In one instance, they sent a document containing a link to an attacker-controlled server, which automatically triggered upon opening, allowing them to gather information about the target's system configuration.

Riferimenti (2)

ptsecurity.com - Covid 19 And New Year Greetings The Higaisa Group
ptsecurity.com - APT Attacks Eng.pdf

Metadata

ID:	750
Created:	13/01/2026 17:48
Updated:	08/03/2026 04:00