ID | Votes | Profile Description |
---|---|---|
Camaro Dragon | 6 | Camaro Dragon, a Chinese state-sponsored threat actor also known as Stately Taurus, Mustang Panda, Bronze President, Red Delta, Luminous Moth, and Earth Preta, has been active since at least 2012. In 2023, Check Point Research discovered a custom firmware image linked to Camaro Dragon that contained |
Stately Taurus | 5 | Stately Taurus is a sophisticated malware associated with a Chinese Advanced Persistent Threat (APT) group that conducts cyberespionage campaigns. This group has been observed targeting government entities, as well as religious and non-governmental organizations across Europe and Asia. The malware i |
RedDelta | 5 | RedDelta, also known as Bronze President, is a threat actor that has been conducting cyber-espionage attacks since 2014. It is one of the likely Ministry of State Security (MSS)-linked groups which include APT10, APT17, APT27, APT40, APT41, TAG-22, and RedBravo among others. The organization's activ |
LuminousMoth | 4 | LuminousMoth is a threat actor with ties to HoneyMyte, as evidenced by their similar targeting and Tactics, Techniques, and Procedures (TTPs). These include the use of DLL side-loading, Cobalt Strike loaders, and Chrome cookie stealers. The malware's operation begins with the execution of "explorer. |
BRONZE PRESIDENT | 4 | Bronze President, a Chinese-state-sponsored APT group also known as Mustang Panda, has been identified as a significant threat actor in data theft campaigns. The group has deployed a variety of remote access tools, including Cobalt Strike and RCSession, to steal data from targeted organizations. Bro |
Honeymyte | 3 | HoneyMyte, also known as Mustang Panda, is a notable threat actor in the cybersecurity landscape. This group has been linked to various malicious activities, including the use of DLL side-loading and Cobalt Strike loaders, similar to the tactics, techniques, and procedures (TTPs) employed by another |
Earth Preta | 3 | Earth Preta, also known as Mustang Panda, is a threat actor group that has been operational since at least 2012. The group has been highly active in Europe and Asia, with particular emphasis on the Asia-Pacific (APAC) region. Earth Preta employs several tools and commands for the Command and Control |
APT41 | 2 | APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various |
BlackTech | 2 | BlackTech, a China-linked Advanced Persistent Threat (APT) group, poses a significant cybersecurity threat due to its sophisticated and covert hacking activities. As a threat actor, BlackTech's operations involve executing actions with malicious intent, which can be attributed to individuals, privat |
TA416 | 2 | TA416 is an advanced persistent threat (APT) group that targets organizations globally with customized versions of the PlugX malware. TA416 has used a distinct installation method of a PE dropper to retrieve Trident loaded payload components using a legitimate PE and a DLL loader file to load a Plug |

ID | Type | Votes | Profile Description |
---|---|---|---|
PlugX | Unspecified | 5 | PlugX is a type of malware, specifically a Remote Access Trojan (RAT), that has been utilized by various threat groups, including the Chinese government-sponsored group known as Winnti. This malicious software exploits and damages computer systems, often infiltrating them through suspicious download |
Korplug | Unspecified | 2 | Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in |
Doplugs | Unspecified | 2 | DOPLUGS is a variant of the PlugX malware, developed and deployed by the China-linked Advanced Persistent Threat (APT) group Mustang Panda. Active since 2022, this unique malware has been used in targeted campaigns against various Asian countries including Taiwan, Vietnam, India, Japan, and China. U |
Iron Taurus | Unspecified | 2 | Iron Taurus, also known as APT27, is a malware that has been linked to various cyber-espionage activities. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operatio |

ID | Type | Votes | Profile Description |
---|---|---|---|
Ke3chang | Unspecified | 4 | Ke3chang, also known as APT15, Mirage, Vixen Panda, GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang |
APT27 | Unspecified | 4 | APT27, also known as Iron Taurus, is a threat actor group suspected to be attributed to China. Engaging in cyber operations with the primary goal of intellectual property theft, APT27 targets organizations globally, with a focus on North and South America, Europe, and the Middle East. The group's mo |
Winnti | Unspecified | 3 | The Winnti Group is a sophisticated threat actor that has been active since at least 2007, first identified by Kaspersky in 2013. This collective of Chinese nation-state hackers is known for its advanced cyberespionage capabilities and its unique strategy of targeting legitimate software supply chai |
GALLIUM | Unspecified | 2 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
APT31 | Unspecified | 2 | APT31, also known as Zirconium, is a threat actor group linked to the Chinese government that has been implicated in numerous cyber espionage activities. One of their most notable exploits was the cloning of the Equation Group's exploit, EpMe (CVE-2017-0005). This exploit was initially discovered du |
APT30 | Unspecified | 2 | APT30, a threat actor suspected to be attributed to China, has been active since at least 2005. This group primarily targets members of the Association of Southeast Asian Nations (ASEAN). APT30 is notable for its sustained activity over an extended period and its ability to adapt and modify source c |

Source Link | CreatedAt | Title |
---|---|---|
DARKReading | a day ago | Microsoft VS Code Undermined in Asian Spy Attack |
DARKReading | 4 days ago | Mustang Panda Feeds Worm-Driven USB Attack Strategy |
Securityaffairs | a month ago | China-linked APT41 breached Taiwanese research institute |
DARKReading | 3 months ago | China-Linked Espionage Groups Target Asian Telecoms |
Securityaffairs | 3 months ago | China-linked spies target Asian Telcos since at least 2021 |
ESET | 3 months ago | ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024 |
DARKReading | 3 months ago | Chinese Threat Clusters Triple-Team High-Profile Asian Government Org |
ESET | 4 months ago | Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries |
BankInfoSecurity | 4 months ago | Active Chinese Cyberespionage Campaign Rifling Email Servers |
Unit42 | 4 months ago | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia |
ESET | 4 months ago | ESET APT Activity Report Q4 2023–Q1 2024 |
DARKReading | 5 months ago | Philippines Pummeled by Cyberattacks & Misinformation Tied to China |
Securityaffairs | 5 months ago | Misinformation and hacktivist campaigns targeting the Philippines skyrocket |
DARKReading | 5 months ago | Japan, Philippines, US to Share Cyber Threat Intel |
DARKReading | 6 months ago | Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents |
CERT-EU | 7 months ago | Sophisticated PlugX backdoor variant leveraged in Mustang Panda attacks |
CERT-EU | 7 months ago | New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS |
Securityaffairs | 7 months ago | New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS |
Trend Micro | 7 months ago | Earth Preta Campaign Uses DOPLUGS to Target Asia |
ESET | 8 months ago | NSPX30: A sophisticated AitM-enabled implant evolving since 2005 |