| ID | Votes | Profile Description |
|---|---|---|
| Islanddreams | 2 | IslandDreams, also known as APT40, Bronze Mohawk, GreenCrash, Kryptonite Panda, Periscope, and Mudcarp, is a threat actor group that has been linked to China. The group has been associated with a series of malicious activities, including a notable phishing campaign in late August that targeted users |
| Red Ladon | 1 | Red Ladon, also known as APT40 and TA423, is a threat actor believed to be operating out of Hainan Island, China. This group has been identified by cybersecurity researchers as the entity behind various malicious activities, including those targeting government agencies and industry manufacturers. B |
| Leviathan | 1 | Leviathan is a threat actor group that has been linked to various Advanced Persistent Threat (APT) groups such as APT40, also known as Kryptonite Panda, Gingham Typhoon, and Bronze Mohawk. These groups have been reported to be state-sponsored by the People's Republic of China (PRC). Leviathan has re |
| TEMP.Periscope | 1 | TEMP.Periscope, also known as APT40 and TEMP.Jumper among other names, is a threat actor group with a nexus to China that has been active since at least 2013. This group is known for its cyber espionage activities primarily targeting maritime-related entities across various sectors such as engineeri |
| TEMP.Jumper | 1 | TEMP.Jumper, also known as TEMP.Periscope, Leviathan, APT40, and several other aliases, is a China-nexus cyber espionage group. This threat actor has been active in the cybersecurity landscape for years, targeting government organizations, private businesses, and universities worldwide. Notably, bet |
| Kryptonite Panda | 1 | Kryptonite Panda, also known as APT40, Bronze Mohawk, Periscope, Mudcarp, and GINGHAM TYPHOON among others, is a threat actor believed to be based in Haikou, Hainan Province, People's Republic of China. This threat group has been associated with an array of cyber-espionage operations targeting gover |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| KONNI | Unspecified | 1 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| Zeus | Unspecified | 1 | Zeus is a type of malware, short for malicious software, designed to exploit and damage computers or devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Zeus can steal personal information, disrupt operations, or even hold da |
| Airbreak | Unspecified | 1 | Airbreak is a malicious software (malware) used by Advanced Persistent Threat group APT40, known for its sophisticated cyber-espionage campaigns. This JavaScript-based backdoor malware retrieves commands from hidden strings in compromised webpages and actor-controlled profiles on legitimate services |
| BADFLICK | Unspecified | 1 | Badflick is a malware that belongs to the family of backdoors and is commonly used by APT40, a Chinese threat group. This malware can modify the file system, generate a reverse shell, and change its command-and-control configuration. Badflick is usually deployed through custom credential theft utili |
| China Chopper | Unspecified | 1 | China Chopper is a notorious malware that has been widely used by various Advanced Persistent Threat (APT) groups, notably BRONZE UNION. This web shell was found embedded in multiple web shells on SharePoint servers, such as stylecs.aspx, test.aspx, and stylecss.aspx. It is believed to be associated |
| HOMEFRY | Unspecified | 1 | Homefry is a 64-bit Windows password dumper/cracker that has been used in conjunction with the AIRBREAK and BADFLICK backdoors by APT40, a Chinese state-sponsored cyber espionage group. Malware is harmful software designed to exploit and damage your computer or device. It can infect your system thro |
| IcedID | Unspecified | 1 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Sandworm | Unspecified | 2 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
| APT28 | Unspecified | 2 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
| Ransomhub | Unspecified | 1 | RansomHub, a threat actor known for executing actions with malicious intent, has recently been linked to several high-profile cyber-attacks. The group is recognized for its ransomware attacks, which have resulted in significant data breaches at multiple companies. Christie, a prominent organization, |
| Smishing Triad | Unspecified | 1 | Smishing Triad, a malicious threat actor, has been identified as a significant risk to various countries across the globe. Initially, this group targeted the United States Postal Service (USPS) and US citizens, aiming to steal personal data on a large scale. This cybercrime operation employed sophis |
| Dark Pink | Unspecified | 1 | Dark Pink, also known as Saaiwc Group, is a Chinese-aligned cyberespionage entity that has been particularly active since mid-2022. The threat actor has conducted spearphishing campaigns against government, military, and non-profit organizations in Southeast Asia and parts of Europe, using sophistic |
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2021-34523 | Unspecified | 2 | None |
| CVE-2021-44228 | Unspecified | 2 | CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b |
| CVE-2021-26084 | Unspecified | 2 | CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection atta |
| CVE-2021-34473 | Unspecified | 2 | CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to |
| CVE-2021-31207 | Unspecified | 2 | CVE-2021-31207 is a significant software vulnerability that affects Atlassian Confluence and Microsoft Exchange. It was discovered that Advanced Persistent Threat group APT40 rapidly exploits this flaw, along with other public vulnerabilities in widely used software like Log4J (CVE-2021-44228) and M |
| CVE-2023-38831 | Unspecified | 2 | CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil |
| CVE-2017-11882 | Unspecified | 1 | CVE-2017-11882 is a software vulnerability present in Microsoft's Equation Editor, allowing for the execution of malicious code. This vulnerability was exploited by a tool known as Royal Road, which is shared among various Chinese state-sponsored groups. The tool facilitates the creation of harmful |
| CVE-2024-4577 | Unspecified | 1 | None |
| CVE-2024-6409 | Unspecified | 1 | None |
| CVE-2017-0199 | Unspecified | 1 | CVE-2017-0199 is a notable software vulnerability, specifically a flaw in the design or implementation of Microsoft Office's Object Linking and Embedding (OLE) feature. This vulnerability has been exploited over the years to spread various notorious malware families. In 2017, it was used to dissemin |
| CVE-2017-8759 | Unspecified | 1 | None |
| CVE-2012-0158 | Unspecified | 1 | CVE-2012-0158 is a significant vulnerability in the software design and implementation of Microsoft Office, specifically related to the parsing of Rich-text-format (.rtf) files. This flaw was first exploited in spear-phishing attacks where emails contained three different attachments, each exploitin |
| Source | CreatedAt | Title |
|---|---|---|
| DARKReading | 7 days ago | Chinese Hacker Gang GhostEmperor Re-Emerges After Two Years |
| DARKReading | 11 days ago | Vulnerabilities & Threats recent news | Dark Reading |
| Securityaffairs | 12 days ago | Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION |
| BankInfoSecurity | 16 days ago | Australia Flags Persistent Chinese Cyberespionage Hacking |
| Securityaffairs | 16 days ago | Cybersecurity agencies warn of China-linked APT40 's capabilities |
| InfoSecurity-magazine | 17 days ago | Ransomware Groups Prioritize Defense Evasion for Data Exfiltration |
| DARKReading | 17 days ago | Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace |
| InfoSecurity-magazine | 17 days ago | Chinese State Actor APT40 Exploits N-Day Vulnerabilities Within Hours |
| CISA | 18 days ago | People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action | CISA |
| CISA | 18 days ago | CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40 | CISA |
| Securityaffairs | 4 months ago | UK, New Zealand against China-linked cyber operations |
| Securityaffairs | 8 months ago | APT29 group exploited WinRAR 0day in attacks against embassies |
| Securityaffairs | 8 months ago | DarkCasino joins the list of APT groups exploiting WinRAR 0day |
| CERT-EU | 9 months ago | Cyber Security Week in Review: October 20, 2023 |
| CERT-EU | 9 months ago | Attacks exploiting WinRAR zero-day linked to Russian, Chinese hackers |
| DARKReading | 9 months ago | Patch Now: APTs Continue to Pummel WinRAR Bug |
| CERT-EU | 9 months ago | Russian and Chinese nation-state actors target recently patched WinRAR zero-day |
| CERT-EU | 9 months ago | Government-backed actors exploiting WinRAR vulnerability |
| Securityaffairs | 9 months ago | Multiple APT groups exploited WinRAR flaw CVE-2023-38831 |
| BankInfoSecurity | 9 months ago | Nation-State Hackers Exploiting WinRAR, Google Warns |