SharpEfsPotato to escalate privileges
§ JuicyPotatoNG, a local privilege escalation tool using SeImpersonate or SeAssignPrimaryToken privileges to escalate from a Windows service account to NT AUTHORITY\SYSTEM
§ SharpEfsPotato, a local privilege escalation tool using EfsRpc, with SeImpersonate or SeAssignPrimaryToken privileges, built from SweetPotato
§ By employing these tools, the threat actor attempted to create administrative accounts and to run various tools that require elevated privileges

Active since: 2013
Aliases: Emissary Panda, APT27, Budworm, Lucky Mouse, Iron Tiger, Bronze Union, TG-3390, Earth Smilodon
Target countries: Middle East, Canada, India, Japan, South Korea, Mongolia, Russia, Turkey, Thailand, UK, USA
Target industries: government, telecom, IT, manufacturing, defense

Iron Werewolf
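Detection logic for the pattern described in the tool list above (a service account producing a SYSTEM process, followed by account creation), as an added example that is not part of the original report. It assumes process-creation events shaped like Sysmon Event ID 1 with a `ParentUser` field; the sample events, account names and the `tool.exe` path are constructed.

```python
import re

# Service identities that hold SeImpersonate by default and are the usual starting point.
SERVICE_USER = re.compile(
    r"^(NT AUTHORITY\\(NETWORK|LOCAL) SERVICE|IIS APPPOOL\\.+|NT SERVICE\\.+)$", re.I)
SYSTEM = "NT AUTHORITY\\SYSTEM"
# Local account creation or administrators-group changes via net.exe / net1.exe.
ACCOUNT_CMD = re.compile(
    r"\bnet1?(\.exe)?\s+(user\s+.+\s/add|localgroup\s+administrators\s+.+\s/add)", re.I)

def find_escalations(events):
    """Return (rule, ProcessGuid) findings from process-creation events in time order."""
    findings, tainted = [], set()
    for e in events:
        pid, ppid = e["ProcessGuid"], e["ParentProcessGuid"]
        if e["User"].upper() == SYSTEM and SERVICE_USER.match(e["ParentUser"]):
            # A service-account parent produced a SYSTEM child: token-based escalation.
            findings.append(("service_to_system", pid))
            tainted.add(pid)
        elif ppid in tainted:
            tainted.add(pid)  # keep tracking descendants of the escalated process
        if pid in tainted and ACCOUNT_CMD.search(e["CommandLine"]):
            findings.append(("account_creation_after_escalation", pid))
    return findings

def ev(guid, parent, user, parent_user, cmd):
    """Build one constructed event with the fields the rules read."""
    return {"ProcessGuid": guid, "ParentProcessGuid": parent, "User": user,
            "ParentUser": parent_user, "CommandLine": cmd}

# Constructed sample events (not taken from the report).
APPPOOL = "IIS APPPOOL\\DefaultAppPool"
SAMPLE_EVENTS = [
    ev("p1", "p0", APPPOOL, APPPOOL, "cmd.exe"),
    ev("p2", "p1", APPPOOL, APPPOOL, "C:\\Users\\Public\\tool.exe"),  # hypothetical path
    ev("p3", "p2", SYSTEM, APPPOOL, "cmd.exe"),
    ev("p4", "p3", SYSTEM, SYSTEM, "net user support1 Example-Pass1 /add"),
    ev("p5", "p3", SYSTEM, SYSTEM, "net localgroup administrators support1 /add"),
    ev("p6", "s0", "NT AUTHORITY\\NETWORK SERVICE", SYSTEM, "svchost.exe -k NetworkService"),
    ev("p7", "u0", "CORP\\admin", "CORP\\admin", "net user tmp Example-Pass2 /add"),
]

if __name__ == "__main__":
    for rule, guid in find_escalations(SAMPLE_EVENTS):
        print(rule, guid)
```

The service-to-SYSTEM rule is a heuristic: any legitimate software that launches SYSTEM children from a service account will need an allowlist entry.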