APT16, a threat actor suspected to be based in China, is known for its targeted cyber-attacks on Japanese and Taiwanese organizations across various sectors including high-tech, government services, media, and financial services. The group's activities indicate an interest in Taiwan's political and journalistic affairs. Their tactics primarily involve spear phishing campaigns aimed at key individuals within these organizations. In December, APT16 launched a significant spear phishing campaign targeting two Taiwanese media organizations and three webmail addresses.
On the same day as the media-targeted attacks, a Taiwanese government agency also fell victim to a similar attack from suspected Chinese APT actors. The attackers sent a lure document containing instructions for registration and listing of goods on a local Taiwanese auction website. Although attribution of these attacks remains uncertain, the evidence suggests that they were likely conducted by APT16 due to similarities in tactics, techniques, and procedures (TTPs).
In addition to these attacks, APT16 was likely responsible for cyber activity in June 2015. It is also possible, although unconfirmed, that APT16 targeted another government agency using the same n-day vulnerability to deploy the ELMER backdoor. However, based on available data and visibility, only one campaign can be definitively attributed to APT16. Despite this, the group's activities pose a significant threat to organizations in the targeted sectors, particularly those based in Taiwan.
Description last updated: 2023-10-10T23:57:00.412Z