Codoso

Threat Actor Profile
Codoso, also known as C0d0so0 or the Sunshop Group, is a notable threat actor in the cybersecurity landscape. Originally identified by FireEye as the Sunshop Group in 2013, this adversary group has been on security research radars since 2010 due to its numerous targeted attacks exploiting zero-day vulnerabilities. The group's modus operandi includes using sophisticated malware like Derusbi, similar to another prominent threat actor, Deep Panda. Unit 42 recently discovered new malicious activity linked to Codoso while investigating unknown malware and attack campaigns through the AutoFocus threat intelligence platform. This discovery indicates that Codoso continues to be an active and significant threat in the cybersecurity world, constantly evolving and adapting their techniques to carry out their operations more effectively. In a recent incident, Codoso was implicated in a watering hole attack against Forbes and other targets in November of the previous year. This attack was attributed to Codoso by iSIGHT Partners and Invincea, confirming the group's ongoing activities and highlighting their ability to target high-profile entities. These incidents underscore the importance of robust cybersecurity measures and constant vigilance against persistent threat actors such as Codoso.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Codoso Team | 1 | The Codoso Team, also known as APT19 and Sunshop Group, is a threat actor suspected to be linked with China. This group primarily targets the legal and investment sectors, and it's believed to consist of freelancers who receive some degree of sponsorship from the Chinese government. The team has bee
Sunshop Group | 1 | None
C0d0so0 | 1 | C0d0so0, also known as Codoso, is a notable threat actor group that has been identified through the AutoFocus threat intelligence platform by Unit 42. This group is recognized for their sophisticated tactics and tools, including the use of zero-day exploits in conjunction with watering hole and spea
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Zero Day
Associated Malware
ID | Type | Votes | Profile Description
Derusbi | Unspecified | 1 | Derusbi is a sophisticated malware family known for its ability to target both Linux and Windows systems. It has been predominantly associated with Chinese cyber espionage operations since 2008, making it a significant concern in the realm of cybersecurity. The malware primarily functions as a tool
Associated Threat Actors
ID | Type | Votes | Profile Description
Deep Panda | Unspecified | 1 | Deep Panda, an Advanced Persistent Threat (APT) group, is a significant threat actor in the cybersecurity landscape. This entity is known for executing actions with malicious intent, using sophisticated tactics such as phishing emails to infiltrate target systems. The group's activities include send
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Codoso Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | New Attacks Linked to C0d0so0 Group
MITRE | a year ago | Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole