APT16

Also known as: APT16, G0023, SVCMONDR

APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. FireEye EPS Awakens Part 2

🌍 Country China

⚡ Risk Level High

🎯 Incident Type Espionage

🧭 ATT&CK G0023

Private sector

Targeted Victims

Japan Taiwan

Introduction

APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. FireEye EPS Awakens Part 2

Activities and Tactics

Targeted Sectors: Private sector

Country of Origin: 🇨🇳 China

Risk Level: High

Incident Type: Espionage

Suspected Victims: Japan, Taiwan

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

T1584.004 Server

ATT&CK technique IDs (denormalized)

T1584.004

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

Backdoor.Oldrea
China Chopper
ELMER
Windows Remote Desktop
Xploit
ELMER backdoor:
Gh0st:
HTRAN:
UNICAT:
Poison Ivy:
Pandora:
CVE-2015-2545:

MITRE ATT&CK Software

ELMER (S0064) — malware

Attribution and Evidence

Country of Origin: China Additional attribution information pending cataloguing.

References

[1] mitre-attack [3] FireEye EPS Awakens Part 2 Winters, R. (2015, December 20). The EPS Awakens - Part 2. Retrieved January 22, 2016.

Source Attribution

Structured source: APT Groups & Operations Spreadsheet

View ATT&CK group profile

View upstream source record

License: CC BY-NC-SA 3.0

Additional source provenance

APT Groups & Operations Dataset
malpedia Source record Dataset
misp galaxy Dataset
mitre Dataset

Source and license policy

🔍 Quick Filters

Top Countries

Risk Distribution

High

161

Critical

Low

Medium