Islanddreams

Threat Actor updated 15 days ago (2024-11-29T14:48:59.467Z)
IslandDreams is a China-linked threat actor tracked under that name by Google's Threat Analysis Group (TAG). Several vendors map it onto the APT40 cluster, which is also tracked as Bronze Mohawk, GreenCrash, Kryptonite Panda, Periscope and Mudcarp; on this page that overlap is recorded as a possible alias, not a confirmed one. TAG attributed to the group one of the campaigns exploiting CVE-2023-38831 in WinRAR: a phishing campaign in late August 2023 that targeted users in Papua New Guinea.

CVE-2023-38831 is a logic flaw in how WinRAR handles an archive that contains a file and a directory with the same name. When the user opens the benign-looking file, WinRAR also extracts the contents of the same-named directory and executes a script from it, so the decoy document doubles as the trigger. The IslandDreams phishing emails carried an archive exploiting this flaw, a password-protected decoy PDF and an .lnk file; the .lnk loaded payload.dll from either a hard-coded IP address or a file-sharing site, and the chain delivered BOXRAT and other infostealers.

FROZENBARENTS and FROZENLAKE are not indicators of compromise for this campaign. They are TAG's cluster names for two other, Russian-linked government-backed actors that TAG observed exploiting the same WinRAR vulnerability in the same period; the flaw was also used by other Chinese government-backed groups. The indicators TAG published for the IslandDreams campaign itself were specific file hashes and IP addresses. For defenders, the detection opportunities are the archive layout (a top-level file whose exact name is also a directory that contains a script), WinRAR spawning a script interpreter or .lnk handler from its temporary extraction directory, and the .lnk stage reaching out to a hard-coded IP or a file-sharing host to fetch payload.dll.
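The archive layout described above is something a mail gateway or sandbox can check for statically. The following scanner is an added example written for this page, not TAG's or any vendor's code: it parses a ZIP's entry list, looks for a top-level file entry whose exact name is also used as a directory, and reports any script-like file inside that directory. The extension list, the `Finding` structure and the two sample archives are constructed for illustration; the trailing-space naming in the sample mirrors the public exploit pattern, and `.lnk` is included because the campaign described above used a `.lnk` stage to load payload.dll.

```python
import io
import zipfile
from dataclasses import dataclass

# Hypothetical, non-exhaustive list of extensions that would execute when WinRAR
# "opens" the decoy and the colliding folder's contents land beside it.
SCRIPT_EXTENSIONS = (".cmd", ".bat", ".exe", ".lnk", ".vbs", ".js", ".ps1")


@dataclass
class Finding:
    decoy: str            # top-level entry the victim double-clicks, e.g. "report.pdf "
    payload: str          # script inside the same-named folder, e.g. "report.pdf /report.pdf .cmd"
    trailing_space: bool  # the public exploit pattern pads the name with a trailing space


def scan_archive(data: bytes) -> list[Finding]:
    """Flag the CVE-2023-38831 layout: a file entry whose exact name is also a
    directory name, with a script-like file inside that directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    files = [n for n in names if not n.endswith("/")]
    # Directory names come from explicit "dir/" entries and from the parent paths of
    # nested files; many tools write no explicit directory entries at all.
    dirs = {n.rstrip("/") for n in names if n.endswith("/")}
    dirs.update(n.rsplit("/", 1)[0] for n in files if "/" in n)

    findings = []
    for decoy in files:
        if "/" in decoy or decoy not in dirs:
            continue  # nested file, or no same-named directory: not the pattern
        for nested in files:
            if nested.startswith(decoy + "/") and nested.lower().endswith(SCRIPT_EXTENSIONS):
                findings.append(Finding(decoy=decoy, payload=nested,
                                        trailing_space=decoy != decoy.rstrip()))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample mimicking the exploit layout; not a real campaign artifact.
    Both the file and the folder are named "report.pdf " with a trailing space."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf ", b"%PDF-1.4 decoy content")
        zf.writestr("report.pdf /report.pdf .cmd", b"@echo off\r\nrem loader stage\r\n")
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed control: an ordinary archive with a document and a subfolder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4")
        zf.writestr("notes/readme.txt", b"nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("sample", build_sample_archive()), ("benign", build_benign_archive())):
        hits = scan_archive(blob)
        print(f"{label}: {len(hits)} finding(s)")
        for f in hits:
            print(f"  {f.decoy!r} collides with a folder dropping {f.payload!r}"
                  f" (trailing space: {f.trailing_space})")
```

The check is deliberately name-based rather than content-based: the flaw is in how WinRAR resolves the collision, so a script hidden under a harmless-looking name still gets flagged as long as the directory collision is present. Pair it with process telemetry (WinRAR spawning an interpreter from its temp directory) for the cases where the dropped file carries an extension this list does not cover.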
Description last updated: 2024-05-04T20:30:56.589Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: APT40 (votes: 2)
Description: APT40 is a possible alias for Islanddreams. APT40, a threat actor attributed to China, is a cyber espionage group that primarily targets countries of strategic importance to the Belt and Road Initiative. The group is known for its use of a variety of attack vectors, notably spear-phishing emails posing as individuals likely to be of interest
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Exploit
Decoy
Source Document References
Information about the Islanddreams Threat Actor was read from the documents corpus below.