Buckeye

Threat Actor Profile Updated 13 days ago
Download STIX
Preview STIX
Buckeye is a threat actor known for its execution of actions with malicious intent, targeting various categories of US organizations up until mid-2015. Notably, in 2009, Buckeye launched attacks against a US organization's network using a remote access Trojan (Backdoor.Pirpi), capable of reading, writing, and executing files and programs. The group often utilized spear-phishing emails embedded with a malicious .zip attachment as part of their attack strategy. Their traditional targets were primarily file and print servers, indicating an intent to steal documents. However, there was a noticeable shift in Buckeye's focus around June 2015 when the group began compromising political entities in Hong Kong. This change, combined with the group's history of using zero-day exploits, customized tools, and specifically targeting certain types of organizations, suggests that Buckeye may be a state-sponsored cyberespionage group. The group's use of multiple hacking tools and malware further underscores their sophisticated and multi-faceted approach to cyberattacks. Given Buckeye's track record and evolving tactics, it is crucial for organizations to remain vigilant and proactive in their cybersecurity measures. Understanding the group's modus operandi can aid in developing effective defenses against such threats. It's also important to note that while Buckeye's current focus appears to be on political entities in Hong Kong, their past activities demonstrate a capability and willingness to target a broad range of organizations across different sectors and regions.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Buckeye Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Endpoint Protection - Symantec Enterprise
CERT-EU
3 months ago
National Content & Technology Cooperative ("NCTC") Brings Back the Winter Educational Conference ("WEC")
CERT-EU
10 months ago
Censorship involving collusion with social companies could be heard by Supremes
CERT-EU
5 months ago
Ohio Lottery experiences cybersecurity hack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting