Mongolia CTI Platform
National cyber threat monitoring
2026-07-01T03:09:46.048495+00:00 SAMPLE
Cyber Threat Intelligence

Mongolia threat intelligence dashboard

Monitor, filter, and review cyber threat intelligence relevant to Mongolia, public services, critical sectors, and .mn infrastructure.

Mongolia Government and critical sectors .mn and gov.mn monitoring
Findings: 4
Raw records: 5
Highest risk: 77
Feed warnings: 0

Findings

4 shown

ransomware

High ransomware activity relevant to Mongolia was identified across 1 corroborating observation.

High / 77

Ransomware payload associated with reported targeting of a major Mongolian mining organization.

Affected date: 2026-06-24 08:30 UTC
Affected sector: mining
Actor/group: LockBit
Malware: LockBit
CVEs: CVE-2026-12345
Quick IOCs: d41d8cd98f00b204e9800998ecf8427e
MITRE ATT&CK: T1021.001, T1486

Indicators

DNS / Domains: 0
No suspicious domains listed
Malicious IPs: 0
No malicious IPs listed
File hashes: 1
d41d8cd98f00b204e9800998ecf8427e
CVEs: 1
CVE-2026-12345
MITRE ATT&CK: 2
T1021.001
T1486
Threat actors: 1
LockBit

Recommended actions

  1. Block confirmed malicious indicators across firewalls, email gateways, DNS, and EDR controls.
  2. Hunt for the listed IOCs across Mongolia-facing infrastructure, cloud logs, proxy logs, and endpoint telemetry.
  3. Validate whether exposed internet-facing systems map to any referenced CVEs and patch or isolate immediately.
  4. Validate offline backups, test restoration paths, and review lateral movement controls.

malware

High malware activity relevant to Mongolia was identified across 1 corroborating observation.

High / 74

Stealer command-and-control node resolving inside a Mongolian IP range and associated with banking credential theft.

Affected date: 2026-06-24 07:15 UTC
Affected sector: banking
Actor/group: Unknown
Malware: Lumma Stealer
CVEs: none
Quick IOCs: 43.242.241.15
MITRE ATT&CK: T1041, T1071.001

Indicators

DNS / Domains: 0
No suspicious domains listed
Malicious IPs: 1
43.242.241.15
File hashes: 0
No file hashes listed
CVEs: 0
No CVEs listed
MITRE ATT&CK: 2
T1041
T1071.001
Threat actors: 1
Unknown

Recommended actions

  1. Block confirmed malicious indicators across firewalls, email gateways, DNS, and EDR controls.
  2. Hunt for the listed IOCs across Mongolia-facing infrastructure, cloud logs, proxy logs, and endpoint telemetry.
  3. Validate whether exposed internet-facing systems map to any referenced CVEs and patch or isolate immediately.

phishing

Medium phishing activity relevant to Mongolia was identified across 1 corroborating observation.

Medium / 58

Credential phishing domain impersonating gov.mn and E-Mongolia citizen login workflows.

Affected date: 2026-06-24 06:10 UTC
Affected sector: government
Actor/group: Unknown
Malware: none
CVEs: none
Quick IOCs: egov-mn-login[.]com
MITRE ATT&CK: T1566.002, T1583.001

Indicators

DNS / Domains: 1
egov-mn-login[.]com
Malicious IPs: 0
No malicious IPs listed
File hashes: 0
No file hashes listed
CVEs: 0
No CVEs listed
MITRE ATT&CK: 2
T1566.002
T1583.001
Threat actors: 1
Unknown

Recommended actions

  1. Block confirmed malicious indicators across firewalls, email gateways, DNS, and EDR controls.
  2. Hunt for the listed IOCs across Mongolia-facing infrastructure, cloud logs, proxy logs, and endpoint telemetry.
  3. Validate whether exposed internet-facing systems map to any referenced CVEs and patch or isolate immediately.
  4. Tighten brand-monitoring and takedown workflows for Mongolian phishing and impersonation domains.

phishing

Medium phishing activity relevant to Mongolia was identified across 1 corroborating observation.

Medium / 58

Fraud domain impersonating Khan Bank customer security notifications.

Affected date: 2026-06-24 09:00 UTC
Affected sector: banking
Actor/group: unknown
Malware: none
CVEs: none
Quick IOCs: khanbank-secure-update[.]net
MITRE ATT&CK: none

Indicators

DNS / Domains: 1
khanbank-secure-update[.]net
Malicious IPs: 0
No malicious IPs listed
File hashes: 0
No file hashes listed
CVEs: 0
No CVEs listed
MITRE ATT&CK: 0
No ATT&CK techniques listed
Threat actors: 0
No actor attribution listed

Recommended actions

  1. Block confirmed malicious indicators across firewalls, email gateways, DNS, and EDR controls.
  2. Hunt for the listed IOCs across Mongolia-facing infrastructure, cloud logs, proxy logs, and endpoint telemetry.
  3. Validate whether exposed internet-facing systems map to any referenced CVEs and patch or isolate immediately.
  4. Tighten brand-monitoring and takedown workflows for Mongolian phishing and impersonation domains.

Sources

22 feeds

Select feeds for a focused run. Non-Mongolia intelligence is filtered out.

Feed Status

1 checked
Local Sample Intel: OK
records: 5, auth: ready