APT3

Threat Actor Profile Updated 25 days ago
Download STIX
Preview STIX
APT3, also known as the UPS Team, is a highly sophisticated threat group suspected to be based in China and attributed to the Chinese Ministry of State Security (MSS) and Boyusec. This threat actor targets sectors including Aerospace and Defense, Construction and Engineering, High Tech, Telecommunications, and Transportation, aligning with areas highlighted by China's most recent Five Year Plan. APT3's malicious activities support China's political, economic, diplomatic, and military goals, making it not just another cyber threat group but an asset of the MSS. Companies victimized by APT3 are urged to adjust their defense strategies against this formidable adversary. The group has demonstrated advanced capabilities such as using browser-based exploits as zero-days (e.g., Internet Explorer, Firefox, and Adobe Flash Player) and creating their version of EternalSynergy, called UPSynergy. In the Bemstour case, it was assumed that APT3 sniffed the EternalRomance exploit from network traffic and later upgraded it to the equivalent of EternalSynergy using an additional APT3 vulnerability. The phishing emails used by APT3 are usually generic in nature, almost appearing to be spam, and they have been associated with malware like SHOTPUT, COOKIECUTTER, and SOGU. Once APT3 gains access to a target network, they work swiftly and proficiently at enumerating and moving laterally to maintain their access. Their command and control (CnC) infrastructure is difficult to track due to little overlap across campaigns. Similar to APT3’s activity in Operation Clandestine Wolf, the URLs redirect to JavaScript profilers and a malicious Adobe Flash file. APT3's activities underscore the significant threat posed by state-sponsored cyber actors and highlight the need for robust cybersecurity defenses.
What's your take? (Question 1 of 0)
7aeee3f5-f12f-4989-88db-7c11a6bff725 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Chinese
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the APT3 Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3 | Recorded Future
MITRE
a year ago
Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak | Mandiant
MITRE
a year ago
Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign | Mandiant
MITRE
a year ago
Two Birds, One STONE PANDA
MITRE
a year ago
Advanced Persistent Threats (APTs) | Threat Actors & Groups
MITRE
a year ago
The Story of Jian - How APT31 Stole and Used an Unknown Equation Group 0-Day - Check Point Research
MITRE
a year ago
Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers