Apt25

Threat Actor updated 5 months ago (2024-05-04T17:47:34.380Z)
APT25, also known as Uncool, Vixen Panda, Ke3chang, Sushi Roll, and Tor, is a threat actor suspected to be attributed to China. The group has targeted sectors such as the defense industrial base, media, financial services, and transportation in the U.S. and Europe. It is associated with several malware families, including LINGBO, PLAYWORK, MADWOFL, MIRAGE, TOUGHROW, TOYSNAKE, and SABERTOOTH.

The primary attack vector used by APT25 is spear phishing: messages carrying malicious attachments and hyperlinks. Historically, APT25 has not been known to use zero-day exploits, but it may leverage such exploits once they have been made public. Its modus operandi does not rely on exploiting unknown vulnerabilities but rather capitalizes on publicly disclosed ones, which lets the group operate while minimizing the need for advanced technical capabilities and resources.

There is a point of contention among cybersecurity researchers about the association of certain toolsets with APT25. While Symantec attributes the toolset to APT15, analysts from Sekoia.io delineate APT15 and APT25 differently, associating both backdoors with Ke3chang, in line with ESET's analysis. This illustrates the complexity and fluid nature of attributing cyber threats and underscores the need for ongoing vigilance and research in the cybersecurity field.
Description last updated: 2023-10-10T23:55:45.444Z
Aliases We are not currently tracking any aliases
Source Document References
Information about the Apt25 Threat Actor was read from the documents corpus below.