Codoso Team

Threat Actor Profile Updated 13 days ago
The Codoso Team, also known as APT19 and Sunshop Group, is a threat actor suspected to be linked with China. This group primarily targets the legal and investment sectors, and it's believed to consist of freelancers who receive some degree of sponsorship from the Chinese government. The team has been active since at least 2010 and was first publicly identified by FireEye in 2013 under the name "Sunshop Group." Over the years, the Codoso Team has carried out numerous targeted attacks exploiting zero-day vulnerabilities.

One of the most notable attacks attributed to the Codoso Team occurred in November last year when they launched a watering hole attack against Forbes and other undisclosed targets. The attack was identified and attributed to the Codoso Team by iSIGHT Partners and Invincea, two cybersecurity firms that have been tracking the group's activities for some time. These firms believe that this recent hacking push is consistent with the modus operandi of the Codoso Team, further solidifying their reputation as a persistent threat actor.

In conclusion, the Codoso Team represents a significant and ongoing cybersecurity threat. Their suspected ties to the Chinese government, combined with their focus on legal and investment sectors, make them a critical concern for businesses operating within these industries. Furthermore, their use of sophisticated techniques such as zero-day exploits and watering hole attacks underscores the need for robust cybersecurity defenses and proactive threat intelligence.

Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Codoso Team Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Advanced Persistent Threats (APTs) | Threat Actors & Groups
MITRE | a year ago | Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole