ransomware
High ransomware activity relevant to Mongolia was identified across 1 corroborating observation.
High / 77
Ransomware payload associated with reported targeting of a major Mongolian mining organization.
Affected date: 2026-06-24 08:30 UTC
Affected sector: mining
Actor/group: LockBit
Malware: LockBit
CVEs: CVE-2026-12345
Quick IOCs: d41d8cd98f00b204e9800998ecf8427e
MITRE ATT&CK: T1021.001, T1486

Indicators
DNS / Domains (0): No suspicious domains listed
Malicious IPs (0): No malicious IPs listed
File hashes (1): d41d8cd98f00b204e9800998ecf8427e
CVEs (1): CVE-2026-12345
MITRE ATT&CK (2): T1021.001, T1486
Threat actors (1): LockBit

Recommended actions
- Block confirmed malicious indicators across firewalls, email gateways, DNS, and EDR controls.
- Hunt for the listed IOCs across Mongolia-facing infrastructure, cloud logs, proxy logs, and endpoint telemetry.
- Validate whether exposed internet-facing systems map to any referenced CVEs and patch or isolate immediately.
- Validate offline backups, test restoration paths, and review lateral movement controls.

malware
High malware activity relevant to Mongolia was identified across 1 corroborating observation.
High / 74
Stealer command-and-control node resolving inside a Mongolian IP range and associated with banking credential theft.
Affected date: 2026-06-24 07:15 UTC
Affected sector: banking
Actor/group: Unknown
Malware: Lumma Stealer
CVEs: none
Quick IOCs: 43.242.241.15
MITRE ATT&CK: T1041, T1071.001

Indicators
DNS / Domains (0): No suspicious domains listed
Malicious IPs (1): 43.242.241.15
File hashes (0): No file hashes listed
CVEs (0): No CVEs listed
MITRE ATT&CK (2): T1041, T1071.001
Threat actors (1): Unknown

Recommended actions
- Block confirmed malicious indicators across firewalls, email gateways, DNS, and EDR controls.
- Hunt for the listed IOCs across Mongolia-facing infrastructure, cloud logs, proxy logs, and endpoint telemetry.
- Validate whether exposed internet-facing systems map to any referenced CVEs and patch or isolate immediately.

phishing
Medium phishing activity relevant to Mongolia was identified across 1 corroborating observation.
Medium / 58
Credential phishing domain impersonating gov.mn and E-Mongolia citizen login workflows.
Affected date: 2026-06-24 06:10 UTC
Affected sector: government
Actor/group: Unknown
Malware: none
CVEs: none
Quick IOCs: egov-mn-login[.]com
MITRE ATT&CK: T1566.002, T1583.001

Indicators
DNS / Domains (1): egov-mn-login[.]com
Malicious IPs (0): No malicious IPs listed
File hashes (0): No file hashes listed
CVEs (0): No CVEs listed
MITRE ATT&CK (2): T1566.002, T1583.001
Threat actors (1): Unknown

Recommended actions
- Block confirmed malicious indicators across firewalls, email gateways, DNS, and EDR controls.
- Hunt for the listed IOCs across Mongolia-facing infrastructure, cloud logs, proxy logs, and endpoint telemetry.
- Validate whether exposed internet-facing systems map to any referenced CVEs and patch or isolate immediately.
- Tighten brand-monitoring and takedown workflows for Mongolian phishing and impersonation domains.

phishing
Medium phishing activity relevant to Mongolia was identified across 1 corroborating observation.
Medium / 58
Fraud domain impersonating Khan Bank customer security notifications.
Affected date: 2026-06-24 09:00 UTC
Affected sector: banking
Actor/group: unknown
Malware: none
CVEs: none
Quick IOCs: khanbank-secure-update[.]net
MITRE ATT&CK: none

Indicators
DNS / Domains (1): khanbank-secure-update[.]net
Malicious IPs (0): No malicious IPs listed
File hashes (0): No file hashes listed
CVEs (0): No CVEs listed
MITRE ATT&CK (0): No ATT&CK techniques listed
Threat actors (0): No actor attribution listed

Recommended actions
- Block confirmed malicious indicators across firewalls, email gateways, DNS, and EDR controls.
- Hunt for the listed IOCs across Mongolia-facing infrastructure, cloud logs, proxy logs, and endpoint telemetry.
- Validate whether exposed internet-facing systems map to any referenced CVEs and patch or isolate immediately.
- Tighten brand-monitoring and takedown workflows for Mongolian phishing and impersonation domains.