Introduction
Operate since at least 2011, from several locations in China, with members in Korea and Japan as well. Possibly linked to Onion Dog. This threat actor targets government institutions, military contractors, maritime and shipbuilding groups, telecommunications operators, and others, primarily in Japan and South Korea.
Activities and Tactics
Targeted Sectors: Other, Maritime, Military, Government, Administration, Telecoms, Government
Country of Origin: 🇨🇳 China
Risk Level: High
First Seen: 2013
Last Activity: 2013
Incident Type: Espionage
Suspected Victims: South Korea, United States, Japan, Germany, China
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 1 public reports that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- China Chopper
- OnionDuke
- Dagger Three (C2 software):
- Fucobha Backdoor:
- IceFog:
- RoyalRoad RTF Weaponizer:
- PlugX-Talisman:
- ShadowPad:
- GUNTERS:
Attribution and Evidence
Country of Origin: China Additional attribution information pending cataloguing.
References
References pending cataloguing.