Introduction
This actor is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public backdoors. Its targets include pro-democracy activists and organizations in Hong Kong, European and international financial institutions, and a U.S.-based think tank.
Activities and Tactics
Targeted Sectors: Activists, Trade, Finance, Political party, Government, Private sector, Civil society
Country of Origin: 🇨🇳 China
Risk Level: High
Incident Type: Espionage
Suspected Victims: Hong Kong, United States
Notable Campaigns
- admin@338
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Backdoor.Oldrea
- PoisonIvy
- China Chopper
- CyberGate
- Cyber Eye RAT
- jRat
- LOWBALL
- BUBBLEWRAP
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
References pending cataloguing.