Codoso

Threat Actor Profile Updated a month ago
Download STIX
Preview STIX
Codoso, also known as C0d0so0 or the Sunshop Group, is a notable threat actor in the cybersecurity landscape. Originally identified by FireEye as the Sunshop Group in 2013, this adversary group has been on security research radars since 2010 due to its numerous targeted attacks exploiting zero-day vulnerabilities. The group's modus operandi includes using sophisticated malware like Derusbi, similar to another prominent threat actor, Deep Panda. Unit 42 recently discovered new malicious activity linked to Codoso while investigating unknown malware and attack campaigns through the AutoFocus threat intelligence platform. This discovery indicates that Codoso continues to be an active and significant threat in the cybersecurity world, constantly evolving and adapting their techniques to carry out their operations more effectively. In a recent incident, Codoso was implicated in a watering hole attack against Forbes and other targets in November of the previous year. This attack was attributed to Codoso by iSIGHT Partners and Invincea, confirming the group's ongoing activities and highlighting their ability to target high-profile entities. These incidents underscore the importance of robust cybersecurity measures and constant vigilance against persistent threat actors such as Codoso.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Codoso Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole
MITRE
a year ago
New Attacks Linked to C0d0so0 Group