ID | Votes | Profile Description |
---|---|---|
Barium | 6 | Barium, also known as BRONZE ATLAS and part of the APT41 collective, is a China-linked cyberespionage group that has been active since at least 2007. It is associated with several other subgroups, including Wicked Panda, Winnti, Suckfly, and Blackfly. This threat actor has been responsible for vario |
Winnti | 5 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
KEYPLUG | 4 | KeyPlug is a modular backdoor malware, written in C++, that has been used extensively by the APT41 group to target systems globally. Notably, between June and December 2021, it was heavily deployed against state government victims, exploiting Windows systems with significant effect. KeyPlug supports |
Wicked Panda | 4 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit |
Wyrmspy | 4 | WyrmSpy is a sophisticated malware attributed to the Chinese espionage group APT41, also known as Double Dragon, BARIUM, and Winnti. This harmful software, designed to exploit and damage computer systems or devices, infects systems through suspicious downloads, emails, or websites, often without use |
DragonEgg | 4 | DragonEgg is a malware associated with the notorious Chinese Advanced Persistent Threat (APT) group, APT41. This malicious software was developed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The malware has been linked to surveillance |
Winnti Group | 3 | The Winnti Group, a collective of Chinese Advanced Persistent Threat (APT) groups including APT41, first gained notoriety for its attacks on computer game developers. The group was initially spotted by Kaspersky in 2013, but researchers suggest that this nation-state actor has been active since at l |
Earth Longzhi | 3 | Earth Longzhi, a suspected subgroup of the notorious APT41, has reemerged after months of inactivity and is now attacking organizations across various industries in Southeast Asia. This group had been on hiatus since its last campaign which ran from August 2021 to June 2022. Trend Micro's investigat |
Hoodoo | 3 | Hoodoo, also known as APT41, Winnti, Bronze Atlas, and several other aliases, is a threat actor believed to be backed by the Chinese government. This group is renowned for its complex campaigns that target a variety of sectors, with motivations ranging from exfiltrating sensitive data to financial g |
Blackfly | 3 | Blackfly is a threat actor, tracked by Symantec, that has been involved in cyber-attacks primarily targeting South Korean companies, especially those in the video game and software development industry. The group initiated its activities with a campaign to steal certificates, which were later utiliz |
Bronze Atlas | 2 | Bronze Atlas, also known as APT41, Winnti Group, or HOODOO, is a significant threat actor identified in the cybersecurity industry. The group has been involved in various malicious activities and has been tracked by Secureworks' Counter Threat Unit since at least 2007. According to Marc Burnard, a s |
Earth Estries | 2 | Earth Estries is a cyberespionage group, or threat actor, that has targeted government entities and tech firms across the globe, including in the US, Germany, South Africa, Asia, Malaysia, the Philippines, and Taiwan. While the exact origin of Earth Estries remains unclear, there are indications sug |
Volt Typhoon | 2 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra |
Redgolf | 2 | RedGolf, a Chinese state-sponsored threat activity group, has been actively targeting Windows and Linux systems with the KEYPLUG backdoor. This group's activities have been closely associated with other threat groups including APT41, Wicked Panda, Bronze Atlas, and Barium. The first known use of the |
Longzhi | 2 | Earth Longzhi, a subgroup within the notorious APT41 cyber espionage group, has re-emerged after months of dormancy, according to cybersecurity researchers at Trend Micro. The threat actor has been known for its malicious activities since 2020 and has recently targeted organizations in Taiwan, Thail |
Lightspy | 2 | LightSpy is a threat actor known for its malicious activities in the realm of cybersecurity. This entity, which could be an individual, a private organization, or a government body, has been identified as the force behind a series of cyber attacks targeting South Asia. The primary method of attack i |
Mustang Panda | 2 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar |
Daggerfly | 2 | DaggerFly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since 2012. The group is known for its cyberespionage activities targeting individuals in mainland China, Hong Kong, Macao, and Nigeria. In addition to these |
Axiom | 2 | Axiom is a recognized threat actor, also known as a hacking team, that has been associated with malicious activities. The group has ties to the Chinese intelligence apparatus and has operated under various names such as Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventi |
Double Dragon | 2 | Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t |
BRONZE SILHOUETTE | 1 | Bronze Silhouette, also known as Volt Typhoon, Vanguard Panda, Dev-0391, UNC3236, Voltzite, and Insidious Taurus, is a state-sponsored cyberespionage group linked to the People's Republic of China (PRC). The threat actor group has been active since at least 2021, targeting US government entities, de |
Vanguard Panda | 1 | Vanguard Panda, also known as Volt Typhoon, Bronze Silhouette, Insidious Taurus, and APT41, is a cyberespionage group linked to the Chinese government. Since mid-2021, this threat actor has targeted critical infrastructure sectors including manufacturing, utility, maritime, and government entities i |
Insidious Taurus | 1 | Insidious Taurus, a malicious software, is part of the cyber arsenal deployed by Volt Typhoon, a state-sponsored cyberespionage group linked to the Chinese government. This malware is designed to infiltrate and damage computer systems, often gaining entry through suspicious downloads, emails, or web |
Carderbee | 1 | Carderbee, a previously unknown Advanced Persistent Threat (APT) group, has been identified as the perpetrator behind a series of supply chain attacks against organizations in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team reported that Carderbee used a malware-infused version |
Budworm | 1 | Budworm, also known as LuckyMouse or APT 27, is a threat actor that has been associated with various high-profile cyber attacks. This group has been found to utilize tools such as the Korplug backdoor, which is commonly used by multiple Advanced Persistent Threats (APTs) including Budworm and APT41, |
Crosswalk | 1 | Crosswalk, a threat actor in the cybersecurity industry, has been identified as utilizing FakeTLS in its traffic, presenting significant security concerns. This modular backdoor is implemented in shellcode, with the main payload being the Crosswalk backdoor itself. The malicious files associated wit |
ID | Type | Votes | Profile Description |
---|---|---|---|
ZxShell | Unspecified | 5 | ZXShell is a malicious software (malware) that has been used by various cyber threat actors to exploit and damage computer systems. It is known to be associated with other malware such as PANDORA, SOGU, GHOST, WIDEBERTH, QUICKPULSE, FLOWERPOT, QIAC, Gh0st, Poison Ivy, BEACON, HOMEUNIX, STEW, among o |
ShadowPad | Unspecified | 5 | ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in |
PlugX | Unspecified | 2 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It |
DEADEYE | Unspecified | 1 | Deadeye is a sophisticated malware used in cyber-espionage operations, primarily deployed by the threat actor group known as APT41. This malware has been employed in multiple U.S. state government intrusions, where it was packaged using VMProtect and split into multiple sections on disk to evade ana |
Taurus | Unspecified | 1 | Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal |
Merdoor | Unspecified | 1 | Merdoor is a powerful malware that has been in existence since 2018, according to Symantec. This backdoor is capable of installing itself as a service, keylogging, listening on local ports for commands, and communicating with its command and control (C&C) server using various methods such as HTTP, H |
MESSAGETAP | Unspecified | 1 | MESSAGETAP is a malware tool utilized by APT41, an advanced persistent threat group associated with Chinese cyber espionage efforts. The malware was first reported to FireEye Threat Intelligence subscribers in August 2019 and publicly discussed at the FireEye Cyber Defense Summit the same year. It w |
Korplug | Unspecified | 1 | Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in |
Crimson | Unspecified | 1 | Crimson is a type of malware that has been used in various cyber-espionage campaigns, notably by ProjectM. The malware was first observed in 2013 and has been continuously employed in attacks alongside other payloads like Capra RAT and Oblique RAT. ProjectM used multiple domains to control the Crims |
keyplug.linux | Unspecified | 1 | Keyplug.linux is a malicious software (malware) that has been utilized by APT41, a highly adaptable and resourceful threat actor. This malware is known for its capacity to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's kno |
Elemental Taurus | Unspecified | 1 | None |
Lucky Mouse | Unspecified | 1 | Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a malicious software (malware) attributed to a China-linked Advanced Persistent Threat (APT) group. This malware has been active since at least 2013, targeting various industry verticals fo |
Plugx/korplug | Unspecified | 1 | PlugX/Korplug is a malicious software (malware) known for its stealthy infiltration and damaging capabilities. It can infect systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data |
gh0st RAT | Unspecified | 1 | Gh0st RAT is a notorious malware that was originally developed by the C. Rufus Security Team in China and has been widely used for cyber espionage since its code leaked in 2008. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often without the user's |
ID | Type | Votes | Profile Description |
---|---|---|---|
Lancefly | Unspecified | 5 | Lancefly, a threat actor potentially associated with China, has been identified as the group behind an ongoing cyberespionage campaign targeting organizations in South and Southeast Asia. The targets include government bodies, aviation companies, educational institutions, and telecommunication secto |
GALLIUM | Unspecified | 3 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
I-Soon | Unspecified | 3 | i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi |
Redfly | Unspecified | 2 | RedFly, a threat actor group known for its malicious activities, has emerged as a significant cybersecurity concern. The group's operations are characterized by their strategic execution and targeted focus, often resulting in substantial security breaches. Threat actors like RedFly pose a significan |
Lazarus Group | Unspecified | 2 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
Thallium | Unspecified | 2 | Thallium, also known as Kimsuky, Velvet Chollima, and APT43, is a North Korean state-sponsored threat actor or hacking group that has been active since 2012. Tracked by the Cybereason Nocturnus Team and other security researchers, this cyber espionage group is believed to operate on behalf of the No |
Earth Freybug | is related to | 2 | Earth Freybug is a threat actor that has been active since at least 2012, engaging in cyber espionage and financially motivated activities. It's considered a subset of APT41, a collective of Chinese threat groups known by various names such as Winnti, Wicked Panda, Barium, and Suckfly. Earth Freybug |
Emerald Sleet | Unspecified | 2 | Emerald Sleet, a North Korea-affiliated advanced persistent threat (APT) group, has emerged as a significant cybersecurity concern. The group leverages OpenAI’s ChatGPT, the same technology that underpins Microsoft's Copilot, to enhance its malicious activities. These activities include spear-phishi |
APT1 | is related to | 2 | APT1, also known as Unit 61398 or Comment Crew, is a notorious cyber-espionage group believed to be part of China's People's Liberation Army (PLA) General Staff Department's 3rd Department. This threat actor has been linked with several high-profile Remote Access Trojans (RATs), enabling them to tak |
Apt43 | Unspecified | 2 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity |
Brass Typhoon | Unspecified | 1 | None |
Scattered Spider | Unspecified | 1 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur |
Suckfly | is related to | 1 | Suckfly, an advanced threat group, has been identified as conducting targeted attacks using multiple stolen certificates, hacktools, and custom malware. This group is not the only one to use certificates to sign malware, but they are possibly the most prolific collectors of them. The group's broad a |
APT17 | Unspecified | 1 | APT17, also known as Tailgator Team and Deputy Dog, is a threat actor suspected to be affiliated with the Chinese intelligence apparatus. This group has been associated with various aliases including Winnti, PassCV, Axiom, LEAD, BARIUM, Wicked Panda, and GREF. The primary targets of APT17 are the U. |
Higaisa | Unspecified | 1 | Higaisa is a threat actor, or hacking group, believed to have its origins in South Korea according to Tencent's analysis. The group has been identified as targeting primarily North Korean government and trade organizations, but it has also extended its operations to China, Japan, Russia, Poland, and |
Iron Tiger | Unspecified | 1 | Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att |
APT10 | Unspecified | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
POTASSIUM | Unspecified | 1 | Potassium, also known as APT10, CVNX, Stone Panda, MenuPass, and POTASSIUM, is a threat actor that has been linked to multiple cyberattacks. This entity is believed to be operating out of China, with Zhu Hua and Zhang Shilong identified as key players within the group. They are reportedly associated |
Operation Soft Cell | Unspecified | 1 | Operation Soft Cell is a long-running cyber espionage campaign attributed to a Chinese threat actor, likely state-sponsored. The operation targets telecommunications providers globally and has been particularly active in the Middle East. The activity was first reported by cybersecurity firm Cybereas |
TAG-22 | Unspecified | 1 | Threat Activity Group 22 (TAG-22), also known as RedHotel, is a suspected Chinese state-sponsored threat actor that has been identified by Recorded Future. This group has been actively targeting various sectors including telecommunications, academia, research and development, and government organiza |
APT38 | Unspecified | 1 | APT38, also known as TA444, BlueNoroff, BlackAlicanto, Coperenicum, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril |
BRONZE UNION | Unspecified | 1 | Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific |
Emissary Panda | Unspecified | 1 | Emissary Panda, also known as Iron Tiger, APT27, Budworm, Bronze Union, Lucky Mouse, and Red Phoenix, is a threat actor group associated with malicious cyber activities. The group has been active since at least 2013, targeting various industry verticals across Europe, North and South America, Africa |
Calypso | Unspecified | 1 | Calypso is a notable threat actor group, potentially linked to the Chinese state-sponsored threat actor group APT41, alongside other groups such as Hafnium, LuckyMouse, Tick, and Winnti Group. This group has been involved in various cyber espionage campaigns using sophisticated tools like Win32/Korp |
Bronze Starlight | Unspecified | 1 | Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig |
Ke3chang | Unspecified | 1 | Ke3chang, also known as APT15, Mirage, Vixen Panda GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang |
Dark Pink | Unspecified | 1 | Dark Pink, also known as Saaiwc Group, is a Chinese-aligned cyberespionage entity that has been particularly active since mid-2022. The threat actor has conducted spearphishing campaigns against government, military, and non-profit organizations in Southeast Asia and parts of Europe, using sophistic |
Tropic Trooper | Unspecified | 1 | Tropic Trooper, a threat actor with suspected ties to China, has been identified as a significant cybersecurity concern. Their activities date back to at least 2013, when Trend Micro noted similarities in the encoding algorithms used by Tropic Trooper's malware and the KeyBoy versions from that year |
Alloy Taurus | Unspecified | 1 | Alloy Taurus, a threat actor group, has been identified as a significant cybersecurity concern due to its persistent attempts at cyberespionage, primarily targeting the government sector in Southeast Asia. The activity of this group was first observed in early 2022 and continued throughout 2023, dur |
Unc3886 | Unspecified | 1 | UNC3886 is a threat actor with suspected links to China, known for its cyber espionage operations targeting global strategic organizations. Since 2021, this advanced persistent threat (APT) group has been exploiting a VMware zero-day vulnerability, identified as CVE-2023-34048. The cybersecurity ind |
Hive0088 | Unspecified | 1 | None |
ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2021-44207 | Unspecified | 2 | CVE-2021-44207 is a significant software vulnerability that was exploited by APT41, a prolific Chinese state-sponsored espionage group known for targeting both public and private sector organizations. This flaw in the USAHerds web application's design or implementation mirrors a previously reported |
CVE-2021-44228 | Unspecified | 2 | CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b |
CVE-2022-41082 | Unspecified | 1 | CVE-2022-41082 is a critical software vulnerability discovered in Microsoft Exchange Servers, which allows for Remote Code Execution (RCE). This flaw is one of two zero-day vulnerabilities found, the other being CVE-2022-41040. The RCE vulnerability presents a significant threat as it enables attack |
CVE-2022-41040 | Unspecified | 1 | CVE-2022-41040 is a software vulnerability that was discovered in late September 2022, along with another flaw, CVE-2022-41082. These two zero-day vulnerabilities were collectively known as ProxyNotShell. The vulnerabilities were exploited to compromise Microsoft Exchange through the proxy mechanism |
Proxynotshell | Unspecified | 1 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t |
Log4Shell | Unspecified | 1 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent |
CVE-2023-2868 | Unspecified | 1 | CVE-2023-2868 is a significant software vulnerability that was identified in the Barracuda Email Security Gateway (ESG) appliances. This flaw, specifically a remote command injection vulnerability, was disclosed by Barracuda on May 30th, 2023. The vulnerability had been exploited as early as October |
CVE-2022-41328 | Unspecified | 1 | CVE-2022-41328 is a significant software vulnerability discovered in Fortinet's FortiOS. It was heavily targeted by China-nexus intrusion sets, particularly UNC3886, who exploited the vulnerability to deploy custom malware families on Fortinet and VMware systems. This exploitation occurred in Septem |
Source | CreatedAt | Title |
---|---|---|
DARKReading | 8 days ago | China's APT41 Targets Global Logistics, Utilities Companies |
Checkpoint | 12 days ago | 15th July – Threat Intelligence Report - Check Point Research |
DARKReading | a month ago | 'ChamelGang' APT Disguises Espionage Activities With Ransomware |
BankInfoSecurity | 2 months ago | Chinese South China Sea Cyberespionage Campaign Unearthed |
DARKReading | 2 months ago | Chinese Threat Clusters Triple-Team High-Profile Asian Government Org |
BankInfoSecurity | 2 months ago | Active Chinese Cyberespionage Campaign Rifling Email Servers |
Securityaffairs | 2 months ago | APT41: The threat of KeyPlug against Italian industries |
Securityaffairs | 2 months ago | Chinese actor 'Unfading Sea Haze' remained undetected for five years |
DARKReading | 3 months ago | DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse |
DARKReading | 3 months ago | DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse |
DARKReading | 4 months ago | China-Linked Threat Actor Hides Via 'Peculiar' Malware |
Trend Micro | 4 months ago | Earth Freybug Uses UNAPIMON for Unhooking Critical APIs |
DARKReading | 5 months ago | China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks |
CERT-EU | 5 months ago | Anxun and Chinese APT Activity - ReliaQuest |
CERT-EU | 5 months ago | Lookout | Webinar: Analyzing Scattered Spider and APT41 Attacks | Lookout Webinar |
CERT-EU | 5 months ago | i-SOON Data Leak: Key Points |
CERT-EU | 5 months ago | Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities |
Unit42 | 5 months ago | Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns |
CERT-EU | 5 months ago | Spyware leak offers 'first-of-its-kind' look inside Chinese government hacking efforts | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
CERT-EU | 5 months ago | PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs |