Cobalt Kitty

Campaign updated 8 months ago (2024-05-04T20:32:10.403Z)
Operation Cobalt Kitty, a significant cyber espionage Advanced Persistent Threat (APT), was executed by the OceanLotus Group, also known as APT32, Canvas Cyclone, APT-C-00, and Cobalt Kitty. Active since at least 2012, the group targeted a global corporation in Asia during this operation. Over the course of the campaign, the attackers successfully compromised more than 40 PCs and servers, including critical infrastructure such as the domain controller, file servers, web application server, and database server. The tools, modus operandi, and indicators of compromise (IOCs) observed in Operation Cobalt Kitty were key to attributing this large-scale cyber espionage APT to the OceanLotus Group.

Cybereason conducted an in-depth investigation into Operation Cobalt Kitty, uncovering and analyzing new tools in the OceanLotus Group's attack arsenal. These findings were instrumental in understanding the group's approach and tactics. The unique characteristics of Operation Cobalt Kitty, despite being one part of the group's growing chain of APT campaigns, provided valuable insights into the group's evolving strategies and techniques.

As the investigation progressed, some of the IOCs observed in Operation Cobalt Kitty began to appear in the wild, with some even reported as being used in other campaigns. This highlights the dynamic nature of IOCs, which tend to change over time. Nonetheless, these IOCs served as behavioral fingerprints that played a pivotal role in linking Operation Cobalt Kitty to the OceanLotus Group. While Operation Cobalt Kitty is a unique campaign in many respects, it forms a crucial link in the broader context of the group's ongoing APT activities.
Description last updated: 2024-05-04T20:32:09.736Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
APT32 is a possible alias for Cobalt Kitty. APT32, also known as OceanLotus Group, SeaLotus, APT-C-00, and Cobalt Kitty, is a threat actor suspected to be originating from Vietnam. This group has been active since at least 2012, primarily targeting foreign companies investing in Vietnam's manufacturing, consumer products, consulting, and hosp | 2
OceanLotus is a possible alias for Cobalt Kitty. OceanLotus, also known as APT32, is a threat actor suspected to be linked to Vietnam. This group primarily targets foreign companies operating in sectors such as manufacturing, consumer products, consulting, and hospitality within Vietnam. The group's activities suggest it poses a significant risk t | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Source Document References
Information about the Cobalt Kitty Campaign was read from the documents corpus below. This display is limited to 20 results.