Higaisa  (Back to overview)

The organization often uses important North Korean time nodes such as holidays and North Korea to conduct fishing activities. The bait includes New Year blessings, Lantern blessings, North Korean celebrations, and important news, overseas personnel contact lists and so on. In addition, the attack organization also has the attack capability of the mobile terminal. The targets of the attack also include diplomatic entities related to North Korea (such as embassy officials in various places), government officials, human rights organizations, North Korean residents abroad, and traders. The victim countries currently monitored include China, North Korea, Japan, Nepal, Singapore, Russia, Poland, Switzerland, etc.

Associated Families

2020-11-13Youtube (The Standoff)Alexey Zakharov, Positive Technologies
FF_202_Eng - From old Higaisa samples to new Winnti backdoors: The story of one research
CROSSWALK Unidentified 076 (Higaisa LNK to Shellcode)
Deep-dive: The DarkHotel APT
Asruex Ghost RAT Ramsay Retro Unidentified 076 (Higaisa LNK to Shellcode)
2020-06-11ZscalerAtinderpal Singh, Sudeep Singh
The Return of the Higaisa APT
Unidentified 076 (Higaisa LNK to Shellcode)
2020-06-03MalwarebytesHossein Jazi, Jérôme Segura
New LNK attack tied to Higaisa APT discovered
2019-11-04TencentTencent Security Mikan TIC
APT attack group "Higaisa" attack activity disclosed
Ghost RAT Higaisa

Credits: MISP Project