Thrip

🔴 High
Also known as: Thrip, G0076, ATK78


🌍 Country Unknown
⚑ Risk Level High
🎯 Incident Type Espionage
🧭 ATT&CK G0076
Private sector

Introduction

Thrip is an espionage group that has targeted satellite communications, telecoms, and defense contractor companies in the U.S. and Southeast Asia. The group uses custom malware as well as “living off the land” techniques. (Symantec Thrip June 2018)

Activities and Tactics

Targeted Sectors: Private sector

Country of Origin: 🏳️ Unknown

Risk Level: High

Incident Type: Espionage

Suspected Victims: United States

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • UNITEDRAKE

Attribution and Evidence

Country of Origin: Unknown

Additional attribution information pending cataloguing.

References

[1] MITRE ATT&CK: MITRE ATT&CK entry
[2] Symantec Thrip June 2018