Shaoye

Threat Actor Profile Updated 3 months ago
Shaoye, also known as Roaming Mantis, is a well-known threat actor. It has been implicated in long-running attack campaigns that primarily target Android devices. Its usual method is to distribute malicious Android package (APK) files that give it control over infected devices and let it steal data; with that control it can manipulate the device's functions and extract sensitive information, which makes it a significant threat to individual privacy and data security.

In 2022, Shaoye ran a campaign that distributed an Android app with additional capabilities: the app was designed to change the DNS settings of Wi-Fi routers through their administration interface. With altered router DNS settings, Shaoye could redirect traffic to malicious sites or intercept sensitive data, further extending its ability to carry out successful attacks.

Beyond controlling infected devices and stealing data, Roaming Mantis also uses phishing to steal user credentials. The group's activity is strongly financially motivated, suggesting that it sells stolen data or uses it for fraud. Given the sophistication and persistence of its methods, Shaoye remains a substantial ongoing threat.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID              Votes  Profile Description
Roaming Mantis  3      Roaming Mantis, also known as Shaoye, is a financially motivated threat actor first reported in 2017. The group primarily targets mobile device users across several countries, with a particular focus on the Asian region, including Japan, South Korea, and Taiwan. This long-term cyberattack campaign u
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Android
Phishing
Associated Malware
No associations to display.
Associated Threat Actors
No associations to display.
Associated Vulnerabilities
No associations to display.
Source Document References
Information about the Shaoye threat actor was extracted from the source documents listed below. This display is limited to 20 results.
Source      Created At     Title
MITRE       a year ago     Project TajMahal – a sophisticated new APT framework | Securelist
MITRE       a year ago     Minidionis – one more APT with a usage of cloud drives
CERT-EU     10 months ago  IoT threats in 2023
MITRE       a year ago     The Spring Dragon APT
Securelist  a year ago     Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
CERT-EU     10 months ago  Overview of IoT threats in 2023 – GIXtools