Introduction
According to 360 TIC the actor has carried out continuous cyber espionage activities since 2011 on key units and departments of the Chinese government, military industry, scientific research, and finance. The organization focuses on information related to the nuclear industry and scientific research. The targets were mainly concentrated in mainland China…[M]ore than 670 malware samples have been collected from the group, including more than 60 malicious plugins specifically for lateral movement; more than 40 C2 domain names and IPs related to the organization have also been discovered.
Activities and Tactics
Targeted Sectors: Private sector, Government, Military, Scientific Research, Finance
Incident Type: Espionage
Suspected Victims: China
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- China Chopper
- RTM
- CyberGate
- Cyber Eye RAT
- Nuclear RAT
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.