| ID | Votes | Profile Description |
|---|---|---|
| APT15 | 2 | APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I |
| Ke3chang | 1 | Ke3chang, also known as APT15, Mirage, Vixen Panda GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang |
| Winnti | 1 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
| Axiom | 1 | Axiom is a recognized threat actor, also known as a hacking team, that has been associated with malicious activities. The group has ties to the Chinese intelligence apparatus and has operated under various names such as Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventi |
| APT17 | 1 | APT17, also known as Tailgator Team and Deputy Dog, is a threat actor suspected to be affiliated with the Chinese intelligence apparatus. This group has been associated with various aliases including Winnti, PassCV, Axiom, LEAD, BARIUM, Wicked Panda, and GREF. The primary targets of APT17 are the U. |
| Passcv | 1 | PassCV is a threat actor, or hacking team, that has been identified as part of the Chinese intelligence apparatus. This group has operated under various names including Winnti, APT17, Axiom, LEAD, BARIUM, Wicked Panda, and GREF, indicating a broad and complex network of cyber operations. The group i |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Flygram | has used | 2 | FlyGram is a malicious software (malware) that first appeared on Google Play in July 2020 and was removed in January 2021. It was designed to exploit and damage users' devices by stealing sensitive data, including basic device information, contact lists, call logs, and Google Account data. The malwa |
| Badbazaar | Unspecified | 2 | BadBazaar is a malicious software (malware) developed by EvilBamboo, a hacker group that primarily targets the Uyghur community in China and abroad, including Turkey and Afghanistan. This malware, along with two others named BADSIGNAL and BADSOLAR, is designed to exploit Android devices through dece |
| Signal Plus Messenger | Unspecified | 2 | Signal Plus Messenger and FlyGram are malware variants of a sophisticated espionage tool named BadBazaar, believed to be orchestrated by a China-linked threat actor known as Gref. These malicious applications were distributed through the Google Play store, Samsung Galaxy Store, and specific websites |
| Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| WannaCry | Unspecified | 1 | WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t |
| Infamous Chisel | Unspecified | 1 | Infamous Chisel is a malicious software (malware) that has been identified as a significant threat to Android users globally. It is designed to exploit and damage the targeted systems, infiltrating them via suspicious downloads, emails, or websites. Once inside, it can steal personal information, di |
| SapphireStealer | Unspecified | 1 | SapphireStealer is a malicious software, or malware, that has gained significant traction in the cybersecurity landscape. This open-source .NET-based information-stealing malware has been employed by various threat groups, with some even creating their own customized versions. The malware's capabili |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Labyrinth Chollima | Unspecified | 1 | Labyrinth Chollima, a threat actor linked to North Korea, has been involved in numerous malicious activities since 2009. Tracked by CrowdStrike and other cybersecurity organizations, Labyrinth Chollima is part of the Lazarus Group, known for stealthy attacks targeting various industries such as acad |
| Akira Ransomware Gang | Unspecified | 1 | The Akira ransomware gang, a malicious threat actor in the cybersecurity landscape, has been actively involved in several high-profile cyber attacks. They use sophisticated techniques to infiltrate systems and steal sensitive data, posing significant threats to both private companies and government |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Eternalblue | Unspecified | 1 | EternalBlue is a significant software vulnerability that exists in the design or implementation of certain systems. This flaw has been exploited by various cyber threats, with one notable instance being its use as an enabler for the widespread WannaCry ransomware attack. The exploit allows attackers |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 9 months ago | The largest Russian bank Sberbank hit by a massive DDoS attack |
| CERT-EU | 9 months ago | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers |
| CERT-EU | a year ago | Delete these 2-fake messaging apps tied to China-aligned hacking group before your personal information is stolen | Technology | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| CERT-EU | a year ago | New China-linked "BadBazaar" targets Android users via fake Signal, Telegram apps |
| Securityaffairs | a year ago | Security Affairs newsletter Round 435 by Pierluigi Paganini |
| CERT-EU | a year ago | BadBazaar Malware Attacking Android Users via Weaponized Telegram & Signal Apps | IT Security News |
| CERT-EU | a year ago | Cyber Security Week in Review: September 1, 2023 |
| CERT-EU | a year ago | BadBazaar Malware Attacking Android Users via Weaponized Telegram & Signal Apps |
| BankInfoSecurity | a year ago | Chinese APT Uses Fake Messenger Apps to Spy on Android Users |
| CERT-EU | a year ago | BadBazaar: Chinese Spyware Shams Signal, Telegram Apps |
| CERT-EU | a year ago | Trojanized Android messaging apps used for BadBazaar spyware distribution |
| CERT-EU | a year ago | Chinese Gref APT targets Android users via fake Signal and Telegram apps |
| CERT-EU | a year ago | Android-Malware: Badbazaar wurde im Google Play Store und Samsung-Store verteilt |
| DARKReading | a year ago | Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps |
| CERT-EU | a year ago | Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores | IT Security News |
| InfoSecurity-magazine | a year ago | Chinese APT Group GREF Use BadBazaar in Android Espionage |
| Securityaffairs | a year ago | Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores |
| CERT-EU | a year ago | BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps |
| CERT-EU | a year ago | China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users – GIXtools |
| CERT-EU | a year ago | Trojanized Signal and Telegram apps on Google Play delivered spyware |