| ID | Votes | Profile Description |
|---|---|---|
| Barium | 6 | Barium, also known as BRONZE ATLAS or APT41, is a threat actor that has been associated with various malicious activities. Originating from China and active since at least 2007, this group has been implicated in cyberespionage efforts targeting multiple sectors across the globe. In 2017, according t |
| Winnti | 5 | The Winnti Group is a sophisticated threat actor that has been active since at least 2007, first identified by Kaspersky in 2013. This collective of Chinese nation-state hackers is known for its advanced cyberespionage capabilities and its unique strategy of targeting legitimate software supply chai |
| Wyrmspy | 4 | WyrmSpy is a sophisticated malware attributed to the Chinese espionage group APT41, also known as Double Dragon, BARIUM, and Winnti. This harmful software, designed to exploit and damage computer systems or devices, infects systems through suspicious downloads, emails, or websites, often without use |
| DragonEgg | 4 | DragonEgg is a malware associated with the notorious Chinese Advanced Persistent Threat (APT) group, APT41. This malicious software was developed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The malware has been linked to surveillance |
| Wicked Panda | 4 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center has identified it as one of the top cyber threats. Over the years, security resea |
| KEYPLUG | 4 | KeyPlug is a malicious software (malware) primarily targeting Windows and Linux systems. The malware, written in C++, is a modular backdoor that supports multiple network protocols for command and control traffic, including HTTP, TCP, KCP over UDP, and WSS. It was first reported in March 2023 when t |
| Blackfly | 3 | Blackfly is a threat actor, tracked by Symantec, that has been involved in cyber-attacks primarily targeting South Korean companies, especially those in the video game and software development industry. The group initiated its activities with a campaign to steal certificates, which were later utiliz |
| Winnti Group | 3 | The Winnti Group, a collective of Chinese Advanced Persistent Threat (APT) groups including APT41, first gained notoriety for its attacks on computer game developers. The group was initially spotted by Kaspersky in 2013, but researchers suggest that this nation-state actor has been active since at l |
| Earth Longzhi | 3 | Earth Longzhi, a suspected subgroup of the notorious APT41, has reemerged after months of inactivity and is now attacking organizations across various industries in Southeast Asia. This group had been on hiatus since its last campaign which ran from August 2021 to June 2022. Trend Micro's investigat |
| Hoodoo | 3 | Hoodoo, also known as APT41, Winnti, Bronze Atlas, and several other aliases, is a threat actor believed to be backed by the Chinese government. This group is renowned for its complex campaigns that target a variety of sectors, with motivations ranging from exfiltrating sensitive data to financial g |
| Redgolf | 2 | RedGolf, a Chinese state-sponsored threat activity group, has been actively targeting Windows and Linux systems with the KEYPLUG backdoor. This group's activities have been closely associated with other threat groups including APT41, Wicked Panda, Bronze Atlas, and Barium. The first known use of the |
| Mustang Panda | 2 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar |
| Axiom | 2 | Axiom is a recognized threat actor, also known as a hacking team, that has been associated with malicious activities. The group has ties to the Chinese intelligence apparatus and has operated under various names such as Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventi |
| Bronze Atlas | 2 | Bronze Atlas, also known as APT41, Winnti Group, or HOODOO, is a significant threat actor identified in the cybersecurity industry. The group has been involved in various malicious activities and has been tracked by Secureworks' Counter Threat Unit since at least 2007. According to Marc Burnard, a s |
| Earth Estries | 2 | Earth Estries is a cyberespionage group, or threat actor, that has targeted government entities and tech firms across the globe, including in the US, Germany, South Africa, Asia, Malaysia, the Philippines, and Taiwan. While the exact origin of Earth Estries remains unclear, there are indications sug |
| Volt Typhoon | 2 | Volt Typhoon, a China-sponsored threat actor group identified as one of the most dangerous and persistent nation-state actors by security researchers and the U.S. government, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. The group is known fo |
| Longzhi | 2 | Earth Longzhi, a subgroup within the notorious APT41 cyber espionage group, has re-emerged after months of dormancy, according to cybersecurity researchers at Trend Micro. The threat actor has been known for its malicious activities since 2020 and has recently targeted organizations in Taiwan, Thail |
| Earth Baku | 2 | Earth Baku, a threat actor identified in the cybersecurity landscape, has been executing actions with malicious intent, posing significant challenges to cybersecurity defenses. This entity could comprise of a single person, a private company, or part of a government entity. Earth Baku is known for u |
| Double Dragon | 2 | Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t |
| Lightspy | 2 | LightSpy, a notable threat actor in the cybersecurity landscape, has renewed its espionage campaign, primarily targeting South Asia. This group, which could be an individual, a private company, or part of a government entity, is known for executing actions with malicious intent. The latest wave of a |
| Daggerfly | 2 | DaggerFly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since 2012. The group is known for its cyberespionage activities targeting individuals in mainland China, Hong Kong, Macao, and Nigeria. In addition to these |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| ShadowPad | Unspecified | 6 | ShadowPad is a modular malware that has been utilized by various Chinese threat actors since at least 2017. It's a malicious software designed to infiltrate computer systems, often without the user's knowledge, and can cause significant damage by stealing personal information, disrupting operations, |
| ZxShell | Unspecified | 5 | ZXShell is a malicious software (malware) that has been used by various cyber threat actors to exploit and damage computer systems. It is known to be associated with other malware such as PANDORA, SOGU, GHOST, WIDEBERTH, QUICKPULSE, FLOWERPOT, QIAC, Gh0st, Poison Ivy, BEACON, HOMEUNIX, STEW, among o |
| PlugX | Unspecified | 2 | PlugX is a notorious malware known for its harmful capabilities and stealthy operations. Often used by the Winnti group, it has been linked to various cyber-attacks, leveraging DLL side-loading to remain undetected. This technique allows it to infiltrate systems without raising alarms, making it an |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lancefly | Unspecified | 5 | Lancefly, a threat actor potentially associated with China, has been identified as the group behind an ongoing cyberespionage campaign targeting organizations in South and Southeast Asia. The targets include government bodies, aviation companies, educational institutions, and telecommunication secto |
| I-Soon | Unspecified | 3 | i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi |
| GALLIUM | Unspecified | 3 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
| Earth Freybug | is related to | 2 | Earth Freybug is a threat actor that has been active since at least 2012, engaging in cyber espionage and financially motivated activities. It's considered a subset of APT41, a collective of Chinese threat groups known by various names such as Winnti, Wicked Panda, Barium, and Suckfly. Earth Freybug |
| APT1 | is related to | 2 | APT1, also known as Unit 61398 or Comment Crew, is a notorious cyber-espionage group believed to be part of China's People's Liberation Army (PLA) General Staff Department's 3rd Department. This threat actor has been linked with several high-profile Remote Access Trojans (RATs), enabling them to tak |
| Redfly | Unspecified | 2 | RedFly, a threat actor group known for its malicious activities, has emerged as a significant cybersecurity concern. The group's operations are characterized by their strategic execution and targeted focus, often resulting in substantial security breaches. Threat actors like RedFly pose a significan |
| Emerald Sleet | Unspecified | 2 | Emerald Sleet, a North Korea-affiliated advanced persistent threat (APT) group, has emerged as a significant cybersecurity concern. The group leverages OpenAI’s ChatGPT, the same technology that underpins Microsoft's Copilot, to enhance its malicious activities. These activities include spear-phishi |
| Thallium | Unspecified | 2 | Thallium, also known as Kimsuky, Velvet Chollima, and APT43, is a North Korean state-sponsored threat actor or hacking group that has been active since 2012. Tracked by the Cybereason Nocturnus Team and other security researchers, this cyber espionage group is believed to operate on behalf of the No |
| Lazarus Group | Unspecified | 2 | The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and |
| Apt43 | Unspecified | 2 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2021-44207 | Unspecified | 2 | CVE-2021-44207 is a significant software vulnerability that was exploited by APT41, a prolific Chinese state-sponsored espionage group known for targeting both public and private sector organizations. This flaw in the USAHerds web application's design or implementation mirrors a previously reported |
| CVE-2021-44228 | Unspecified | 2 | CVE-2021-44228, also known as the Log4Shell vulnerability, is a significant flaw in Apache's Log4j software. Disclosed in December 2021, it quickly became one of the most severe bugs due to its widespread usage and potential for exploitation. Various Advanced Persistent Threat (APT) actors attempted |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Fortinet | 2 days ago | Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 | FortiGuard Labs | |
| DARKReading | 12 days ago | Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs | |
| Securityaffairs | 24 days ago | Earth Baku APT targets Europe, the Middle East, and Africa | |
| DARKReading | 25 days ago | APT41 Spinoff Expands Chinese Actor's Scope Beyond Asia | |
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| Securityaffairs | a month ago | Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| DARKReading | a month ago | BlankBot Trojan Targets Turkish Android Users | |
| Securityaffairs | a month ago | CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog | |
| Checkpoint | a month ago | 5th August – Threat Intelligence Report - Check Point Research | |
| Securityaffairs | a month ago | China-linked APT41 breached Taiwanese research institute | |
| DARKReading | a month ago | China's APT41 Targets Taiwan Research Institute for Cyber Espionage | |
| DARKReading | 2 months ago | China's APT41 Targets Global Logistics, Utilities Companies | |
| Checkpoint | 2 months ago | 15th July – Threat Intelligence Report - Check Point Research | |
| DARKReading | 2 months ago | 'ChamelGang' APT Disguises Espionage Activities With Ransomware | |
| BankInfoSecurity | 3 months ago | Chinese South China Sea Cyberespionage Campaign Unearthed | |
| DARKReading | 3 months ago | Chinese Threat Clusters Triple-Team High-Profile Asian Government Org | |
| BankInfoSecurity | 3 months ago | Active Chinese Cyberespionage Campaign Rifling Email Servers | |
| Securityaffairs | 3 months ago | APT41: The threat of KeyPlug against Italian industries | |
| Securityaffairs | 4 months ago | Chinese actor 'Unfading Sea Haze' remained undetected for five years | |
| DARKReading | 5 months ago | DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse |