Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries. Each campaign delivered a malicious Microsoft Word document exploiting the aforementioned EPS dict copy use-after-free vulnerability, and the local Windows privilege escalation vulnerability CVE-2015-1701. The successful exploitation of both vulnerabilities led to the delivery of either a downloader that we refer to as IRONHALO, or a backdoor that we refer to as ELMER.
There are currently no families associated with this actor.
References:

|2022-08-04 ⋅ Mandiant ⋅ Advanced Persistent Threats (APTs) ⋅ APT1, APT10, APT12, APT14, APT15, APT16, APT17, APT18, APT19, APT2, APT20, APT21, APT22, APT23, APT24, APT27, APT3, APT30, APT31, APT4, APT40, APT5, APT9, Naikon|
|2019 ⋅ Council on Foreign Relations ⋅ |
|2017-05-31 ⋅ MITRE ⋅ |
|2016-05-25 ⋅ Kaspersky Labs ⋅ CVE-2015-2545: overview of current threats|
|2015-12-16 ⋅ FireEye ⋅ The EPS Awakens|