Palmerworm

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
Palmerworm, also known as BlackTech, Temp.Overboard, Circuit Panda, and Radio Panda, is a threat actor group that has been active since at least 2013. This group has demonstrated extensive capabilities in targeting various sectors such as government, industrial, technology, media, electronics, and telecommunication, including entities supporting the militaries of the U.S. and Japan. Their operations have primarily focused on East Asia, specifically Taiwan, Japan, and Hong Kong, since 2007. Palmerworm's activities in a recent campaign were first noticed in August 2019 when they infiltrated the networks of a Taiwanese media company and a Chinese construction company. The Cybersecurity and Infrastructure Security Agency (CISA) has recognized Palmerworm for its adeptness in modifying router malware without detection and exploiting routers' domain-trust relationships to gain access to victim networks. The group maintained a presence on the networks of a construction and finance company for several months, indicating their persistent approach. Despite no clear evidence on the infection vector used by Palmerworm in this particular campaign, previous instances have documented the group's use of spear-phishing emails to gain initial network access. In addition to their sophisticated intrusion methods, Palmerworm has been publicly reported to use stolen code-signing certificates in prior attack campaigns. This aligns with their strategy of using "living-off-the-land" tactics, which involve exploiting dual-use tools commonly used by legitimate users. These advanced persistent threat (APT) groups like Palmerworm have increasingly adopted such tactics in recent years, making them a significant concern for cybersecurity agencies across the globe.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
BlackTech
3
BlackTech is a threat actor or hacking group, with suspected links to China, that is known for its malicious activities aimed at gathering intelligence from technology and government organizations. Notably, this threat actor focuses on entities in the Asia-Pacific region. The cybersecurity industry
temp.overboard
1
Temp.Overboard, also known as BlackTech, Circuit Panda, Palmerworm, and several other aliases, is a threat actor that has been active in the cybersecurity landscape since at least 2007. This group is known for its operations against targets in East Asia, specifically Taiwan, Japan, and Hong Kong. As
Circuit Panda
1
Circuit Panda, also known as BlackTech, HUAPI, Manga Taurus, Palmerworm, Red Djinn, and Temp.Overboard, is a significant threat actor with a history of operating against targets in East Asia, particularly Taiwan, Japan, and Hong Kong since at least 2007. This group is part of a constellation of adva
Taurus
1
Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Phishing
Espionage
exploited
Exploit
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Red DjinnUnspecified
1
None
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Palmerworm Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
3 months ago
How Soccer's 2022 World Cup in Qatar Was Nearly Hacked
CERT-EU
8 months ago
How to protect corporate routers and firewalls against hacking
CERT-EU
10 months ago
China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
CISA
10 months ago
People's Republic of China-Linked Cyber Actors Hide in Router Firmware | CISA
MITRE
a year ago
Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors