Introduction
Whitefly is a cyber espionage group that has been operating since at least 2017. The group has targeted organizations based mostly in Singapore across a wide variety of sectors, and is primarily interested in stealing large amounts of sensitive information. The group has been linked to an attack against Singapore's largest public health organization, SingHealth. [2]
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
- SingHealth
Tactics, Techniques, and Procedures (TTPs)
- T1105 Ingress Tool Transfer
- T1574.001 DLL
- T1003.001 LSASS Memory
- T1068 Exploitation for Privilege Escalation
- T1588.002 Tool
- T1059 Command and Scripting Interpreter
- T1027.013 Encrypted/Encoded File
- T1204.002 Malicious File
- T1036.005 Match Legitimate Resource Name or Location
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Archelaus Beta
- CrossRat
- CVE-2016-0051
- Vcrodat
- Nibatad
- Termite
- Mimikatz
MITRE ATT&CK Software
Attribution and Evidence
Information pending cataloguing.
References
[1] mitre-attack
[2] Symantec Whitefly March 2019. Symantec. (2019, March 6). Whitefly: Espionage Group has Singapore in Its Sights. Retrieved May 26, 2020.