Apt25

APT25, also known as Uncool, Vixen Panda, Ke3chang, Sushi Roll, and Tor, is a threat actor suspected to be attributed to China. This group has targeted sectors such as defense industrial base, media, financial services, and transportation in the U.S. and Europe. They are associated with several types of malware, including LINGBO, PLAYWORK, MADWOFL, MIRAGE, TOUGHROW, TOYSNAKE, and SABERTOOTH. The primary attack vector used by APT25 is spear phishing, which includes sending messages containing malicious attachments and hyperlinks. Historically, APT25 has not been known to use zero-day exploits, but they may leverage these once they have been made public. Their modus operandi does not rely on exploiting unknown vulnerabilities but rather capitalizes on publicly disclosed ones. This approach allows them to conduct their activities while minimizing the need for advanced technical capabilities and resources. There's a point of contention among cybersecurity researchers about the association of certain toolsets with APT25. While Symantec attributes the toolset to APT15, analysts from Sekoia.io delineate APT15 and APT25 differently, associating both backdoors to Ke3chang, aligning with ESET's analysis. This highlights the complexity and fluid nature of attributing cyber threats, underscoring the necessity of ongoing vigilance and research in the cybersecurity field.