Introduction
Threat Group-3390 is a Chinese threat group that has extensively used strategic Web compromises to target victims. [2] The group has been active since at least 2010 and has targeted organizations in the aerospace, government, defense, technology, energy, manufacturing and gambling/betting sectors. [3] [4] [5]
Activities and Tactics
Targeted Sectors: Technology, Government, Administration, Defense, Private sector
Country of Origin: 🇨🇳 China
First Seen: 2015
Last Activity: 2018
Incident Type: Espionage
Suspected Victims: United States, United Kingdom, France, Japan, Taiwan, India, Canada, China, Thailand, Israel…
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 2 public reports that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- SPACESHIP
- CyberGate
- Cyber Eye RAT
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK entry
[2] Dell TG-3390
[3] SecureWorks BRONZE UNION June 2017
[4] Securelist LuckyMouse June 2018
[5] Trend Micro DRBControl February 2020