Shaoye

Threat Actor updated 6 months ago (2024-05-05T01:17:45.648Z)
Shaoye, also known as Roaming Mantis, is a well-known threat actor implicated in long-term cyberattack campaigns that primarily target Android devices. Its modus operandi is to use malicious Android package (APK) files to gain control over infected devices and steal valuable data. This lets the group manipulate the device's functionality and extract sensitive information, making it a significant threat to individual privacy and data security.

In 2022, Shaoye launched a campaign that spread an Android app with advanced capabilities. The application was designed to modify DNS settings on Wi-Fi routers through their administration interface. By altering these settings, Shaoye could potentially redirect traffic to malicious sites or intercept sensitive data, further enhancing its ability to carry out successful attacks.

Besides controlling infected devices and stealing data, Roaming Mantis also uses phishing techniques to steal user credentials. The group's activities are strongly financially motivated, suggesting that it may sell stolen data or use it for fraudulent purposes. Given the sophistication of its methods and its persistence, Shaoye poses a substantial ongoing threat.
Description last updated: 2024-05-05T00:27:56.871Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
Alias Description | Votes
Roaming Mantis is a possible alias for Shaoye. Roaming Mantis, also known as Shaoye, is a financially motivated threat actor first reported in 2017. The group primarily targets mobile device users across several countries, with a particular focus on the Asian region, including Japan, South Korea, and Taiwan. This long-term cyberattack campaign u | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Android
Source Document References
Information about the Shaoye Threat Actor was read from the documents corpus below.