| SYMBOL | COMMON_NAME | aka. SYNONYMS |
SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2018-0798 vulnerability in Microsoft Equation Editor. In one instance, they sent a document containing a link to an attacker-controlled server, which automatically triggered upon opening, allowing them to gather information about the target's system configuration.
There are currently no families associated with this actor.
| 2020-06-04
⋅
PTSecurity
⋅
COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group Ghost RAT SongXY |