APT2

Threat Actor Profile Updated 3 months ago
APT2, suspected to be affiliated with China, is a threat actor known for its cyber operations targeting the military and aerospace sectors. The primary objective of APT2's activities is intellectual property theft, focusing on data and projects that give an organization a competitive edge within its industry. The group is associated with malware such as MOOSE and WARP, and it typically uses spearphishing emails exploiting CVE-2012-0158 as an attack vector.

On January 12, 2016, cybersecurity firm Cylance published a blog post linking an exploit document to APT2, also referred to as "Putter Panda" by CrowdStrike. This link was established based on overlaps in IP addresses used in attacks attributed to both groups. However, while there appears to be some overlap between APT2 and another group known as Scarlet Mimic, no definitive conclusion has been reached that these two groups are identical or directly connected.

Despite the uncertainty surrounding the exact identity and affiliations of APT2, the threat this actor poses to organizations, particularly in the military and aerospace sectors, is significant. The group's focus on stealing intellectual property underscores the need for robust cybersecurity measures to protect sensitive data and maintain competitiveness. As such, continuous monitoring, threat intelligence updates, and proactive defense strategies are crucial in mitigating the risks posed by APT2 and similar threat actors.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: Putter Panda
Votes: 1
Profile Description: None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
China
Spearphishing
Malware
Associated Malware
No associations to display.
Associated Threat Actors
ID: Scarlet Mimic
Type: Unspecified
Votes: 1
Profile Description: Scarlet Mimic is a threat actor that has been active since at least 2009, deploying increasingly advanced malware to execute attacks primarily through spear-phishing and watering holes. The group's attacks center around the use of a Windows backdoor named "FakeM," first described by Trend Micro in 2
Associated Vulnerabilities
ID: CVE-2012-0158
Type: Unspecified
Votes: 1
Profile Description: CVE-2012-0158 is a significant vulnerability in the software design and implementation of Microsoft Office, specifically related to the parsing of Rich Text Format (.rtf) files. This flaw was first exploited in spear-phishing attacks where emails contained three different attachments, each exploitin
Source Document References
Information about the APT2 threat actor was read from the document corpus below. This display is limited to 20 results.
Source: MITRE
Created At: a year ago
Title: Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists

Source: MITRE
Created At: a year ago
Title: Advanced Persistent Threats (APTs) | Threat Actors & Groups