The Codoso Team, also known as APT19 and Sunshop Group, is a threat actor suspected of links to China. The group primarily targets the legal and investment sectors and is believed to consist of freelancers who receive some degree of sponsorship from the Chinese government. The team has been active since at least 2010 and was first publicly identified by FireEye in 2013 under the name "Sunshop Group." Over the years, the Codoso Team has carried out numerous targeted attacks exploiting zero-day vulnerabilities.
One of the most notable attacks attributed to the Codoso Team occurred in November last year, when the group launched a watering hole attack against Forbes and other undisclosed targets. The attack was identified and attributed to the Codoso Team by iSIGHT Partners and Invincea, two cybersecurity firms that have been tracking the group's activities for some time. These firms believe that this recent hacking push is consistent with the modus operandi of the Codoso Team, further solidifying the group's reputation as a persistent threat actor.
In conclusion, the Codoso Team represents a significant and ongoing cybersecurity threat. The group's suspected ties to the Chinese government, combined with its focus on the legal and investment sectors, make it a critical concern for businesses operating within these industries. Furthermore, its use of sophisticated techniques such as zero-day exploits and watering hole attacks underscores the need for robust cybersecurity defenses and proactive threat intelligence.
Description last updated: 2023-10-10T23:50:50.799Z