TEMP.Periscope

Threat Actor updated 2 months ago (2024-07-10T18:17:37.397Z)
TEMP.Periscope, also known as APT40 and TEMP.Jumper among other names, is a threat actor group with a nexus to China that has been active since at least 2013. The group is known for cyber espionage primarily targeting maritime-related entities across sectors such as engineering, shipping and transportation, manufacturing, defense, government offices, and research universities. It has seen a recent resurgence in activity, showcasing a revised toolkit while still leveraging a large library of malware shared with multiple other suspected Chinese groups.

In July 2021, the U.S. Justice Department indicted four members of this group for hacking tens of government organizations, private businesses, and universities worldwide between 2011 and 2018. The group's targeting and its tactics, techniques, and procedures (TTPs) overlap with those of another group known as TEMP.Jumper. Its tools include AIRBREAK, a JavaScript-based backdoor, and Beacon, a backdoor commercially available as part of the Cobalt Strike software platform.

Cybersecurity agencies from several countries, including Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S., have issued a joint advisory warning about the group's ability to rapidly exploit disclosed flaws. TEMP.Periscope has been observed targeting organizations across various countries, including the United States. The group's recent spike in activity and its ability to adapt and revise its toolkit underscore the ongoing threat it poses to global cybersecurity.
Description last updated: 2024-07-10T18:15:41.769Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| TEMP.Jumper | 2 | TEMP.Jumper, also known as TEMP.Periscope, Leviathan, APT40, and several other aliases, is a China-nexus cyber espionage group. This threat actor has been active in the cybersecurity landscape for years, targeting government organizations, private businesses, and universities worldwide. Notably, bet |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the TEMP.Periscope Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 2 months ago | Cybersecurity agencies warn of China-linked APT40's capabilities |
| CERT-EU | a year ago | Cybersecurity in the U.S. Construction Industry: Navigating Challenges and Strategies for a Secure Future – Part 1 |
| MITRE | 2 years ago | Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries \| Mandiant |
| MITRE | 2 years ago | APT40: Examining a China-Nexus Espionage Actor \| Mandiant |