Cobalt Kitty

Campaign updated 7 months ago (2024-05-04T20:32:10.403Z)
Download STIX
Preview STIX
Operation Cobalt Kitty, a significant cyber espionage Advanced Persistent Threat (APT), was executed by the OceanLotus Group, also known as APT32, Canvas Cyclone, APT-C-00, and Cobalt Kitty. Active since at least 2012, the group targeted a global corporation in Asia during this operation. Over the course of the campaign, the attackers successfully compromised more than 40 PCs and servers, including critical infrastructure such as the domain controller, file servers, web application server, and database server. The tools, modus operandi, and indicators of compromise (IOCs) observed in Operation Cobalt Kitty were key to attributing this large-scale cyber espionage APT to the OceanLotus Group. Cybereason conducted an in-depth investigation into Operation Cobalt Kitty, uncovering and analyzing new tools in the OceanLotus Group's attack arsenal. These findings were instrumental in understanding the group's approach and tactics. The unique characteristics of Operation Cobalt Kitty, despite being one part of the group's growing chain of APT campaigns, provided valuable insights into the group's evolving strategies and techniques. As the investigation progressed, some of the IOCs observed in Operation Cobalt Kitty began to appear in the wild, with some even reported as being used in other campaigns. This highlights the dynamic nature of IOCs, which tend to change over time. Nonetheless, these IOCs served as behavioral fingerprints that played a pivotal role in linking Operation Cobalt Kitty to the OceanLotus Group. While Operation Cobalt Kitty is a unique campaign in many respects, it forms a crucial link in the broader context of the group's ongoing APT activities.
Description last updated: 2024-05-04T20:32:09.736Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
APT32 is a possible alias for Cobalt Kitty. APT32, also known as OceanLotus Group, APT-C-00, Canvas Cyclone, and Cobalt Kitty, is a threat actor group suspected to originate from Vietnam. Active since at least 2012, this group has targeted foreign companies investing in Vietnam's manufacturing, consumer products, consulting, and hospitality s
2
OceanLotus is a possible alias for Cobalt Kitty. OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Cobalt Kitty Campaign was read from the documents corpus below. This display is limited to 20 results, create a free account to see more