Cicada

Threat Actor Profile Updated 24 days ago
Download STIX
Preview STIX
Cicada, also known as APT10, Stone Panda, or Cloud Hopper, is a threat actor believed to be linked with the Chinese government. The group has been active since 2009, engaging in espionage operations against various organizations, particularly those associated with Japan. Cicada's activities involve sophisticated attack campaigns that indicate the backing of a large and well-resourced entity. Their operational tactics include the use of custom DLL loaders for decryption and execution of final payloads, such as QuasarRAT, an open-source backdoor previously used by the group. In March 2023, Hackaday reported on a campaign by Cicada, which was confirmed authentic despite its annoying nature. Symantec, a division of Broadcom, discovered substantial evidence linking this campaign to Cicada, further solidifying their reputation as a major cybersecurity threat. Notably, the group has also targeted Managed Service Providers (MSPs) in the past, demonstrating their broad range of targets and strategic approach to cyber-espionage. The similarities between Cicada's recent activities and those of previous campaigns, such as those described by Cylance in 2019, suggest a consistent modus operandi. This includes the use of techniques like DLL side-loading and living-off-the-land tools, emphasizing the necessity for comprehensive security solutions to detect and mitigate such threats. Despite countermeasures, Cicada remains highly dangerous due to its extensive resources, skills, and ability to execute wide-ranging and sophisticated attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Cicada Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
CERT-EU
a year ago
Links 19/03/2023: Release of Libreboot 20230319 and NATO Expanding
CERT-EU
8 months ago
CVE 2020-1472 Archives - i-secure Co, Ltd.