Double Dragon

Threat Actor updated 7 months ago (2024-05-04T20:33:25.635Z)
Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity that intends to carry out malicious actions. The cybersecurity industry has identified the group as one of the most significant threats because of its state-sponsored backing and sophisticated cyber-espionage capabilities.

The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center highlighted Double Dragon in a threat brief issued on a Thursday, listing it among the top threat actors alongside groups like North Korea's Lazarus Group and APT43, which are affiliated with Kimsuky, Velvet Chollima, Emerald Sleet, and Thallium. These groups pose substantial risks because they are sponsored by national governments, demonstrating the increasing complexity and severity of global cybersecurity threats.

In conclusion, the threat posed by Double Dragon, or APT41, is significant because of its origins and its support from the Chinese state. This group, along with other major threat actors, underscores the escalating challenges faced by cybersecurity professionals worldwide. It is crucial for organizations to stay up to date on these threat actors and implement robust security measures to safeguard their digital infrastructure.
Description last updated: 2023-11-28T21:13:35.435Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias Description | Votes
Wicked Panda is a possible alias for Double Dragon. Wicked Panda, also known as APT41, Double Dragon, and Brass Typhoon, is a prominent threat actor in the cybersecurity landscape. This China state-sponsored group has been identified as one of the top threat actors by the Department of Health and Human Services' Health Sector Cybersecurity Coordinati | 2
APT41 is a possible alias for Double Dragon. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Health
Associated Threat Actors
Alias Description | Association Type | Votes
The Apt43 Threat Actor is associated with Double Dragon. APT43, also known as Kimsuky, is a North Korean Advanced Persistent Threat (APT) group that has been active since at least 2013. The group is known for its intelligence collection activities and using cybercrime to fund espionage. It has been linked to several aliases including Springtail, ARCHIPELA | Unspecified | 2
The Emerald Sleet Threat Actor is associated with Double Dragon. Emerald Sleet, a threat actor associated with North Korea, has been identified as a significant player in cyber espionage. This group is known for its sophisticated use of artificial intelligence and machine learning models (LLMs), leveraging them to enhance spear-phishing campaigns, research public | Unspecified | 2
The Thallium Threat Actor is associated with Double Dragon. Thallium, also known as Kimsuky, APT43, Velvet Chollima, and Black Banshee, is a significant threat actor that has been active since at least 2012. This group, believed to be operating on behalf of the North Korean regime, conducts intelligence collection and uses cybercrime to fund espionage activi | Unspecified | 2
The Lazarus Group Threat Actor is associated with Double Dragon. The Lazarus Group, a notorious North Korean state-sponsored threat actor, is among the most prolific and dangerous cyber threat actors in operation. The group has been involved in several high-profile cyber-attacks, including Operation DreamJob in Spain, with the primary objective of funding North K | Unspecified | 2
Source Document References
Information about the Double Dragon Threat Actor was read from the documents corpus below.