Roaming Mantis (Chinese intrusion set) is assessed to be a financially motivated group, with a history of targeting developed countries.
Recently, it has been linked to a series of SMS phishing (smishing) attacks targeting France and Germany, and previously Korea, Japan and Taiwan. Its smishing campaigns target Android devices by spreading malware called MoqHao (alias Wroba, XLoader).
MoqHao (aka Wroba, XLoader for Android) is an Android Remote Access Trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS.
SEKOIA.IO analysts have monitored and tracked this threat since the beginning of 2022. In a blog post, they describe each step of the ongoing smishing campaign and share their investigation into Roaming Mantis’ infrastructure.