Double Dragon

Threat Actor updated 4 months ago (2024-05-04T20:33:25.635Z)
Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to originate from China. As a threat actor, Double Dragon represents a human entity with the intent to carry out malicious actions. The cybersecurity industry regards the group as one of the most significant threats because of its state-sponsored backing and its sophisticated cyber-espionage capabilities.

The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center highlighted Double Dragon in a threat brief issued on a Thursday, listing it among the top threat actors alongside groups such as North Korea's Lazarus Group and APT43, the latter associated with the names Kimsuky, Velvet Chollima, Emerald Sleet, and Thallium. These groups pose substantial risks because they are sponsored by national governments, demonstrating the increasing complexity and severity of global cybersecurity threats.

In conclusion, the threat posed by Double Dragon, or APT41, is significant because of its origins and its support from the Chinese state. This group, along with other major threat actors, underscores the escalating challenges faced by cybersecurity professionals worldwide. It is crucial for organizations to stay informed about these threat actors and to implement robust security measures to safeguard their digital infrastructure.
Description last updated: 2023-11-28T21:13:35.435Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.

ID: Wicked Panda (Votes: 2)
Profile Description: Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center has identified it as one of the top cyber threats. Over the years, security resea

ID: APT41 (Votes: 2)
Profile Description: APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in its operations. They are associated with various
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
State Sponso...
Health
Associated Threat Actors
ID: APT43 (Type: Unspecified, Votes: 2)
Profile Description: APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity

ID: Emerald Sleet (Type: Unspecified, Votes: 2)
Profile Description: Emerald Sleet, a North Korea-affiliated advanced persistent threat (APT) group, has emerged as a significant cybersecurity concern. The group leverages OpenAI's ChatGPT, the same technology that underpins Microsoft's Copilot, to enhance its malicious activities. These activities include spear-phishi

ID: Thallium (Type: Unspecified, Votes: 2)
Profile Description: Thallium, also known as Kimsuky, Velvet Chollima, and APT43, is a North Korean state-sponsored threat actor or hacking group that has been active since 2012. Tracked by the Cybereason Nocturnus Team and other security researchers, this cyber espionage group is believed to operate on behalf of the No

ID: Lazarus Group (Type: Unspecified, Votes: 2)
Profile Description: The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and
Source Document References
Information about the Double Dragon threat actor was read from the document corpus below.

Source: CERT-EU (created a year ago)
Title: Chinese, North Korean Nation-State Groups Target Health Data

Source: BankInfoSecurity (created a year ago)
Title: Chinese, North Korean Nation-State Groups Target Health Data

Source: CERT-EU (created a year ago)
Title: Finding WyrmSpy and DragonEgg Ties to APT41 in the DNS