IronHusky | CFR Interactives

IronHusky

Affiliations

MysterySnail

IronHusky was detected using a Windows zero-day to launch a remote access Trojan dubbed MysterySnail. Command and control infrastructure IronHusky use has been active since at least 2012.

Suspected victims

IT companies, diplomatic missions, and defense contractors in the United States.

Suspected state sponsor

China

Type of incident

Espionage

Target category

Private sector

MysterySnail attacks with Windows zero-day
Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events