Brass Typhoon

Threat Actor updated 19 days ago (2024-11-29T14:51:35.783Z)

Download STIX

Preview STIX

Brass Typhoon, also known as APT41, Earth Baxia, and Wicked Panda, is a threat actor group originating from China that has been involved in numerous software-supply-chain attacks. This group was formerly identified as Barium, which had carried out more software-supply-chain attacks than any other group globally. Brass Typhoon has recently targeted Taiwanese government agencies, Filipino and Japanese military, and Vietnamese energy companies, installing backdoors for cyberespionage purposes. One of the primary tools utilized by Brass Typhoon is KEYPLUG, a backdoor first disclosed by Google-owned Mandiant. This tool was used in attacks launched by the group to infiltrate six U.S. state government networks between May 2021 and February 2022. The group's activities are characterized by their use of public cloud services for hosting malicious files, enhancing their ability to conduct covert operations. While Brass Typhoon operates independently, there has been some overlap found with other advanced persistent threat (APT) groups. However, the group appears to be distinct, demonstrating unique tactics, techniques, and procedures. Its recent activities signal a significant threat to both governmental and private sectors worldwide, underscoring the importance of robust cybersecurity measures to counter such threats.

Description last updated: 2024-10-17T12:29:31.593Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
APT41 is a possible alias for Brass Typhoon. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Brass Typhoon Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	3 months ago	China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs
DARKReading	3 months ago	China's 'Earth Baxia' Spies Exploit Geoserver to Target APAC
CERT-EU	2 years ago	Hacker Group Names Are Now Absurdly Out of Control \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker – National Cyber Security Consulting
CERT-EU	a year ago	Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor