| ID | Votes | Profile Description |
|---|---|---|
| APT41 | 6 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
| Winnti | 5 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
| Redgolf | 2 | RedGolf, a Chinese state-sponsored threat activity group, has been actively targeting Windows and Linux systems with the KEYPLUG backdoor. This group's activities have been closely associated with other threat groups including APT41, Wicked Panda, Bronze Atlas, and Barium. The first known use of the |
| Axiom | 2 | Axiom is a recognized threat actor, also known as a hacking team, that has been associated with malicious activities. The group has ties to the Chinese intelligence apparatus and has operated under various names such as Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventi |
| KEYPLUG | 1 | KeyPlug is a modular backdoor malware, written in C++, that has been used extensively by the APT41 group to target systems globally. Notably, between June and December 2021, it was heavily deployed against state government victims, exploiting Windows systems with significant effect. KeyPlug supports |
| Brass Typhoon | 1 | None |
| Suckfly | 1 | Suckfly, an advanced threat group, has been identified as conducting targeted attacks using multiple stolen certificates, hacktools, and custom malware. This group is not the only one to use certificates to sign malware, but they are possibly the most prolific collectors of them. The group's broad a |
| Wicked Panda | 1 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit |
| Blackfly | 1 | Blackfly is a threat actor, tracked by Symantec, that has been involved in cyber-attacks primarily targeting South Korean companies, especially those in the video game and software development industry. The group initiated its activities with a campaign to steal certificates, which were later utiliz |
| Winnti Group | 1 | The Winnti Group, a collective of Chinese Advanced Persistent Threat (APT) groups including APT41, first gained notoriety for its attacks on computer game developers. The group was initially spotted by Kaspersky in 2013, but researchers suggest that this nation-state actor has been active since at l |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Wyrmspy | Unspecified | 2 | WyrmSpy is a sophisticated malware attributed to the Chinese espionage group APT41, also known as Double Dragon, BARIUM, and Winnti. This harmful software, designed to exploit and damage computer systems or devices, infects systems through suspicious downloads, emails, or websites, often without use |
| DragonEgg | Unspecified | 2 | DragonEgg is a malware associated with the notorious Chinese Advanced Persistent Threat (APT) group, APT41. This malicious software was developed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The malware has been linked to surveillance |
| ShadowPad | Unspecified | 1 | ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| TAG-22 | Unspecified | 1 | Threat Activity Group 22 (TAG-22), also known as RedHotel, is a suspected Chinese state-sponsored threat actor that has been identified by Recorded Future. This group has been actively targeting various sectors including telecommunications, academia, research and development, and government organiza |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| DARKReading | 8 days ago | China's APT41 Targets Global Logistics, Utilities Companies |
| CERT-EU | 5 months ago | Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities |
| CERT-EU | 5 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of Air India |
| CERT-EU | 8 months ago | Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor |
| CERT-EU | 8 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of Air India |
| Securityaffairs | 10 months ago | Redfly group infiltrated an Asian national grid as long as six months |
| MITRE | a year ago | Exchange servers under siege from at least 10 APT groups | WeLiveSecurity |
| MITRE | a year ago | Detecting threat actors in recent German industrial attacks with Windows Defender ATP - Microsoft Security Blog |
| CERT-EU | a year ago | NATO countries targeted by Winter Vivern via Zimbra vulnerability |
| CERT-EU | a year ago | Cyber Security Week In Review: July 21, 2023 |
| BankInfoSecurity | a year ago | Chinese Threat Group APT41 Linked To Android Malware Attacks |
| CERT-EU | a year ago | Chinese APT41 Linked to WyrmSpy and DragonEgg Surveillanceware |
| CERT-EU | a year ago | Hackers target Pakistani government, bank and telecom provider with China-made malware |
| Secureworks | a year ago | ShadowPad Malware Analysis |
| CERT-EU | a year ago | Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms |
| MITRE | a year ago | Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan |
| CERT-EU | a year ago | Windows, Linux systems subjected to Chinese state-backed cyberattacks |
| MITRE | a year ago | Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques |
| Recorded Future | a year ago | With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets | Recorded Future |
| CERT-EU | a year ago | In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware |