Codoso Team

Threat Actor Profile Updated 3 months ago
The Codoso Team, also known as APT19 and Sunshop Group, is a threat actor suspected to be linked with China. This group primarily targets the legal and investment sectors, and it's believed to consist of freelancers who receive some degree of sponsorship from the Chinese government. The team has been active since at least 2010 and was first publicly identified by FireEye in 2013 under the name "Sunshop Group." Over the years, the Codoso Team has carried out numerous targeted attacks exploiting zero-day vulnerabilities.

One of the most notable attacks attributed to the Codoso Team occurred in November last year when they launched a watering hole attack against Forbes and other undisclosed targets. The attack was identified and attributed to the Codoso Team by iSIGHT Partners and Invincea, two cybersecurity firms that have been tracking the group's activities for some time. These firms believe that this recent hacking push is consistent with the modus operandi of the Codoso Team, further solidifying their reputation as a persistent threat actor.

In conclusion, the Codoso Team represents a significant and ongoing cybersecurity threat. Their suspected ties to the Chinese government, combined with their focus on legal and investment sectors, make them a critical concern for businesses operating within these industries. Furthermore, their use of sophisticated techniques such as zero-day exploits and watering hole attacks underscores the need for robust cybersecurity defenses and proactive threat intelligence.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID             Votes  Profile Description
Codoso         1      Codoso, also known as C0d0so0 or the Sunshop Group, is a notable threat actor in the cybersecurity landscape. Originally identified by FireEye as the Sunshop Group in 2013, this adversary group has been on security research radars since 2010 due to its numerous targeted attacks exploiting zero-day v
Sunshop Group  1      None
APT19          1      APT19, also known as the Codoso Team, is a threat actor suspected to be sponsored by the Chinese government to some degree. This group, potentially composed of freelancers, primarily targets the legal and investment sectors. They are known for their use of sophisticated malware like BEACON and COBAL
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
China
Zero Day
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Codoso Team Threat Actor was read from the documents corpus below.
Source  Created At  Title
MITRE   a year ago  Advanced Persistent Threats (APTs) | Threat Actors & Groups
MITRE   a year ago  Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole