A Tale of PivNoxy and Chinoxy Puppeteer

  • 4 September 2022

An attack against a telecommunications agency in South Asia began with a simple email that initially appeared to be a standard malicious spam email message.
However, the attached Word document was weaponized using a malicious tool, Royal Road, and was equipped with an exploit for an Equation Editor vulnerability (CVE-2018-0798).
While a payload was unavailable at the time of the investigation, OSINT research points to the Poison Ivy RAT, which FortiGuard Labs has previously highlighted.

Based on analysis, Asian organizations, and potentially some in Mexico, were reconnaissance targets of a threat actor that we believe was also involved in Operation NightScout in 2021.
This threat actor, who uses Chinoxy and PivNoxy in their arsenal, has been active since at least mid-2016.
