New version of MysterySnail RAT and lightweight MysteryMonoSnail backdoor | Securelist

Kaspersky GReAT detected new versions of the MysterySnail RAT, attributed to the IronHusky APT group, targeting government organizations in Mongolia and Russia. The RAT, which has been actively used since 2021, was deployed through a malicious MMC script disguised as a document. The new version of MysterySnail RAT utilizes a modular architecture, relying on five additional DLL modules for command execution, and communicates with attacker-created HTTP servers.