Poison Carp

Threat Actor Profile Updated 2 months ago
Poison Carp, also known as Insomnia, is a threat actor that has been associated with various malicious cyber activities. These activities have particularly targeted Tibetan minorities, highlighting the group's focus on specific sociopolitical issues. This threat actor is part of a larger network of hacking groups, which includes RedHotel and RedAlpha, and is believed to be linked to Chinese state-sponsored activities. Recent analysis by Recorded Future on leaked data from iSoon, a private contractor, provides further evidence of Poison Carp's connections to Chinese state hacking groups. The documents examined in this analysis explicitly link iSoon to Poison Carp, among other groups. Notably, the research uncovered shared IP addresses between iSoon and Poison Carp, as well as references to an Android remote access Trojan previously linked to Poison Carp. This suggests a degree of operational overlap or collaboration among these entities. Citizen Lab, another cybersecurity organization, has independently attributed recent attacks to Poison Carp. This reinforces the conclusion drawn by Recorded Future and highlights Poison Carp's ongoing engagement in cyber espionage. The group's persistent activity underscores the need for continued vigilance and robust cybersecurity measures to mitigate the risks posed by such threat actors.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Redhotel | 1 | RedHotel, also known as Aquatic Panda, ControlX, and Bronze University, is a threat actor linked to Chinese state-sponsored cyber groups. It is part of a sophisticated network of espionage operations including RedAlpha, Poison Carp, and i-SOON, which are primarily involved in the theft of telecommun |
| Insomnia | 1 | Insomnia, as a cybersecurity term, refers to a threat actor group that is responsible for carrying out malicious activities. These threat actors could be individuals, private companies, or government entities. The naming conventions in the cybersecurity industry can often be confusing due to lack of |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Trojan
Chinese
Spyware
Phishing
ISOON
Android
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| I-Soon | Unspecified | 1 | i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi |
| Redalpha | Unspecified | 1 | RedAlpha, also known as DeepCliff, is an advanced persistent threat (APT) group that has been linked to Chinese state-sponsored cyber espionage activities. The group is known for its spyware campaigns against Tibetan minorities and has been identified in association with other threat groups such as |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Poison Carp Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 5 months ago | New Leak Shows Business Side of China’s APT Menace – GIXtools |
| Krebs on Security | 5 months ago | New Leak Shows Business Side of China’s APT Menace |
| CERT-EU | 5 months ago | Spyware leak offers 'first-of-its-kind' look inside Chinese government hacking efforts \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| Unit42 | 5 months ago | Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns |
| BankInfoSecurity | 4 months ago | iSoon Leak Shows Links to Chinese APT Groups |