| ID | Votes | Profile Description |
|---|---|---|
| APT41 | 5 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
| Barium | 5 | Barium, also known as BRONZE ATLAS and part of the APT41 collective, is a China-linked cyberespionage group that has been active since at least 2007. It is associated with several other subgroups, including Wicked Panda, Winnti, Suckfly, and Blackfly. This threat actor has been responsible for vario |
| Axiom | 3 | Axiom is a recognized threat actor, also known as a hacking team, that has been associated with malicious activities. The group has ties to the Chinese intelligence apparatus and has operated under various names such as Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventi |
| Blackfly | 2 | Blackfly is a threat actor, tracked by Symantec, that has been involved in cyber-attacks primarily targeting South Korean companies, especially those in the video game and software development industry. The group initiated its activities with a campaign to steal certificates, which were later utiliz |
| Wicked Panda | 2 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit |
| APT17 | 2 | APT17, also known as Tailgator Team and Deputy Dog, is a threat actor suspected to be affiliated with the Chinese intelligence apparatus. This group has been associated with various aliases including Winnti, PassCV, Axiom, LEAD, BARIUM, Wicked Panda, and GREF. The primary targets of APT17 are the U. |
| Greyfly | 1 | None |
| Redfly | 1 | RedFly, a threat actor group known for its malicious activities, has emerged as a significant cybersecurity concern. The group's operations are characterized by their strategic execution and targeted focus, often resulting in substantial security breaches. Threat actors like RedFly pose a significan |
| Red Echo | 1 | Red Echo, also known as Redfly, is a subgroup within the larger threat actor group Winnti. This group has been identified as responsible for a series of cyber-attacks with malicious intent, targeting various entities globally. In a recent campaign, Red Echo managed to infiltrate and occupy the netwo |
| Taurus | 1 | Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal |
| Iron Taurus | 1 | Iron Taurus, also known as APT27, is a malware that has been linked to various cyber-espionage activities. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operatio |
| Stately Taurus | 1 | Stately Taurus, also known as Mustang Panda, Bronze President, Red Delta, LuminousMoth, Earth Preta, and Camaro Dragon, is a potent malware linked to Chinese Advanced Persistent Threat (APT) activities. The first signs of its operation date back to at least 2012, with notable activity traced to Marc |
| GREF | 1 | GREF, a China-aligned Advanced Persistent Threat (APT) group, has been identified as the orchestrator of two active Android malware campaigns. The campaigns have been distributing a malicious software called BadBazaar via two applications, Signal Plus Messenger and FlyGram, through the Google Play s |
| KEYPLUG | 1 | KeyPlug is a modular backdoor malware, written in C++, that has been used extensively by the APT41 group to target systems globally. Notably, between June and December 2021, it was heavily deployed against state government victims, exploiting Windows systems with significant effect. KeyPlug supports |
| svchost.exe | 1 | Svchost.exe is a malware that exploits and damages computer systems by injecting malicious code into various processes. This harmful program can infiltrate your system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, di |
| Suckfly | 1 | Suckfly, an advanced threat group, has been identified as conducting targeted attacks using multiple stolen certificates, hacktools, and custom malware. This group is not the only one to use certificates to sign malware, but they are possibly the most prolific collectors of them. The group's broad a |
| Ta428 | 1 | TA428 is a sophisticated malware toolkit associated with several cyber threat groups, including Bronze Union (also known as LuckyMouse or APT27) and BackdoorDiplomacy. The TA428 toolkit includes various malicious software like Albaniiutas (RemShell), which is specifically mentioned in an ESET report |
| Redgolf | 1 | RedGolf, a Chinese state-sponsored threat activity group, has been actively targeting Windows and Linux systems with the KEYPLUG backdoor. This group's activities have been closely associated with other threat groups including APT41, Wicked Panda, Bronze Atlas, and Barium. The first known use of the |
| Bronze Atlas | 1 | Bronze Atlas, also known as APT41, Winnti Group, or HOODOO, is a significant threat actor identified in the cybersecurity industry. The group has been involved in various malicious activities and has been tracked by Secureworks' Counter Threat Unit since at least 2007. According to Marc Burnard, a s |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| ShadowPad | Unspecified | 7 | ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in |
| PlugX | Unspecified | 4 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It |
| DragonEgg | Unspecified | 2 | DragonEgg is a malware associated with the notorious Chinese Advanced Persistent Threat (APT) group, APT41. This malicious software was developed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The malware has been linked to surveillance |
| Wyrmspy | Unspecified | 2 | WyrmSpy is a sophisticated malware attributed to the Chinese espionage group APT41, also known as Double Dragon, BARIUM, and Winnti. This harmful software, designed to exploit and damage computer systems or devices, infects systems through suspicious downloads, emails, or websites, often without use |
| PipeMon | Unspecified | 2 | PipeMon is a sophisticated, modular backdoor malware discovered in February 2020. It is attributed to the Winnti Group, known for their cyber espionage activities. This malware uses multiple named pipes for inter-module communication, hence its name "PipeMon". Its first stage consists of a password- |
| Sprysocks | Unspecified | 1 | SprySOCKS is a new strain of malware that has recently been added to the arsenal of Earth Lusca, an advanced persistent threat (APT) group known for its sophisticated cyberattacks. Malware, short for malicious software, is designed to exploit and damage computers or devices without the user's knowle |
| HDoor | Unspecified | 1 | HDoor is a malicious software (malware) that has been publicly available in Chinese forums since 2008. This malware, equipped with full backdoor capabilities, allows operators to perform a variety of tasks, making it a potent threat to computer systems. It can infect systems through suspicious downl |
| gh0st RAT | Unspecified | 1 | Gh0st RAT is a notorious malware that was originally developed by the C. Rufus Security Team in China and has been widely used for cyber espionage since its code leaked in 2008. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often without the user's |
| Paranoid Plugx | Unspecified | 1 | Paranoid PlugX is a sophisticated malware designed to exploit and damage computer systems, often infiltrating without the user's knowledge. It typically enters a system through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even |
| Gh0stcringe | Unspecified | 1 | Gh0stCringe is a variant of Gh0st RAT, a notorious malware that has been used in numerous cyber attacks. This malicious software is designed to exploit and damage computers or devices by infiltrating the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once in |
| KONNI | Unspecified | 1 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| Brute Ratel | Unspecified | 1 | Brute Ratel is a sophisticated malware variant that has been used in a series of cyber attacks targeting diplomatic staff and other sensitive targets. It's delivered through custom loaders embedded in lure documents, which are designed to trick the recipient into triggering the infection process. On |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Winnti Group | Unspecified | 5 | The Winnti Group, a collective of Chinese Advanced Persistent Threat (APT) groups including APT41, first gained notoriety for its attacks on computer game developers. The group was initially spotted by Kaspersky in 2013, but researchers suggest that this nation-state actor has been active since at l |
| I-Soon | Unspecified | 3 | i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi |
| Mustang Panda | Unspecified | 3 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar |
| Redhotel | Unspecified | 2 | RedHotel, also known as Aquatic Panda, ControlX, and Bronze University, is a threat actor linked to Chinese state-sponsored cyber groups. It is part of a sophisticated network of espionage operations including RedAlpha, Poison Carp, and i-SOON, which are primarily involved in the theft of telecommun |
| Earth Lusca | Unspecified | 2 | Earth Lusca, a threat actor known for its malicious activities in the cyber world, has recently expanded its arsenal with the addition of a new tool, SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020. Earth Lusca can be an individual, a private company, or pa |
| Naikon | Unspecified | 1 | Naikon is a threat actor, or group, known for its execution of actions with malicious intent. It is associated with various Advanced Persistent Threat (APT) groups originating from China, such as Growing Taurus and Parched Taurus, also known as Goblin Panda. Naikon has been linked to PLA Unit 78020/ |
| APT27 | Unspecified | 1 | APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario |
| Goblin Panda | Unspecified | 1 | Goblin Panda is a recognized threat actor, known for its malicious activities in the cyber world. Various research organizations have indicated that several Chinese Advanced Persistent Threat (APT) groups such as Growing Taurus (aka Naikon) and Parched Taurus (aka Goblin Panda) have leveraged this t |
| Crosswalk | Unspecified | 1 | Crosswalk, a threat actor in the cybersecurity industry, has been identified as utilizing FakeTLS in its traffic, presenting significant security concerns. This modular backdoor is implemented in shellcode, with the main payload being the Crosswalk backdoor itself. The malicious files associated wit |
| Higaisa | Unspecified | 1 | Higaisa is a threat actor, or hacking group, believed to have its origins in South Korea according to Tencent's analysis. The group has been identified as targeting primarily North Korean government and trade organizations, but it has also extended its operations to China, Japan, Russia, Poland, and |
| APT1 | Unspecified | 1 | APT1, also known as Unit 61398 or Comment Crew, is a notorious cyber-espionage group believed to be part of China's People's Liberation Army (PLA) General Staff Department's 3rd Department. This threat actor has been linked with several high-profile Remote Access Trojans (RATs), enabling them to tak |
| Tick | Unspecified | 1 | Tick is a threat actor, also known as BRONZE BUTLER, that likely originates from the People's Republic of China. Secureworks® incident responders and Counter Threat Unit™ (CTU) researchers have been investigating activities associated with this group. Tick has deployed various tools and malware fami |
| LuckyMouse | Unspecified | 1 | LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, an |
| Calypso | Unspecified | 1 | Calypso is a notable threat actor group, potentially linked to the Chinese state-sponsored threat actor group APT41, alongside other groups such as Hafnium, LuckyMouse, Tick, and Winnti Group. This group has been involved in various cyber espionage campaigns using sophisticated tools like Win32/Korp |
| Night Dragon | Unspecified | 1 | Night Dragon is a recognized threat actor, a term used in cybersecurity to denote an individual or group that carries out malicious activities. These entities can range from single individuals to large organizations or even government bodies. Night Dragon has been associated with several significant |
| TeamTNT | Unspecified | 1 | TeamTNT, a threat actor group known for its malicious activities, has been implicated in a series of sophisticated attacks on Kubernetes, one of the most complex to date. The group is notorious for deploying malware, specifically the Hildegard malware, which was identified during a new campaign. The |
| ScarCruft | Unspecified | 1 | ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int |
| Gamaredon | Unspecified | 1 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E |
| Volt Typhoon | Unspecified | 1 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| DARKReading | 8 days ago | China's APT41 Targets Global Logistics, Utilities Companies |
| Securityaffairs | a month ago | Russia-linked group APT29 likely breached TeamViewer |
| Unit42 | 2 months ago | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia |
| CERT-EU | 4 months ago | WinNTI hacker attack on another DAX company detected |
| CERT-EU | 5 months ago | i-SOON Data Leak: Key Points |
| CERT-EU | 5 months ago | Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities |
| Trend Micro | 5 months ago | Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections |
| Unit42 | 5 months ago | Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns |
| CERT-EU | 5 months ago | iSoon's Secret APT Status Exposes China's Foreign Hacking Machination | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| DARKReading | 5 months ago | iSoon's Secret APT Status Exposes China's Foreign Hacking Machination |
| CERT-EU | 5 months ago | Chinese Hacking Contractor iSoon Leaks Internal Documents | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| BankInfoSecurity | 5 months ago | Chinese Hacking Contractor iSoon Leaks Internal Documents |
| CERT-EU | 6 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of CPC Corporation |
| CERT-EU | 8 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of technology and manufacturing companies in Asia, Europe, and North America |
| CERT-EU | 8 months ago | Kaspersky's Advanced Persistent Threats Predictions for 2024 |
| CERT-EU | 9 months ago | Tom "Hollywood" Hegel - ProtectWise 401TRG |
| CERT-EU | 9 months ago | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers |
| CERT-EU | 9 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of CPC Corporation |
| CERT-EU | 10 months ago | Chinese APT Actors Target WeChat Users |
| BankInfoSecurity | 10 months ago | Chinese APT Actors Target WeChat Users |