SongXY

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2018-0798 vulnerability in Microsoft Equation Editor. In one instance, they sent a document containing a link to an attacker-controlled server, which automatically triggered upon opening, allowing them to gather information about the target's system configuration.

References (2)

ptsecurity.com - Covid 19 And New Year Greetings The Higaisa Group
ptsecurity.com - APT Attacks Eng.pdf

Metadata

ID:	750
Created:	13/01/2026 17:48
Updated:	08/03/2026 04:00