Chinese APT Groups
APT41
Affiliation: Chinese state-sponsored
Activities: Known for dual espionage and cybercrime operations, targeting the healthcare, high-tech, and telecommunications sectors, and the video game industry. Unique for its financially motivated activities alongside state-sponsored espionage.
Targets: Healthcare, high-tech, telecommunications, video game industry.
TTPs (Tactics, Techniques, Procedures):
- Supply chain compromises
- Use of backdoors and RATs
- Financially motivated cybercrime activities
- Exploitation of software vulnerabilities
- Data exfiltration and intellectual property theft
Notable Incidents:
- Global Cyber Espionage: Targeting multiple industries, including the theft of intellectual property from the healthcare, high-tech, and telecommunications sectors. APT41 used sophisticated techniques to gain access to sensitive data and research.
- Video Game Industry Attacks (2020): Stealing in-game currency and intellectual property from major gaming companies. This involved compromising game servers and developer accounts.
- US Healthcare Sector (2019): Targeted the US healthcare sector, stealing patient data and intellectual property related to medical research. APT41 used spear-phishing and malware to infiltrate healthcare organizations.
- Global Universities (2020): Conducted cyber espionage against universities worldwide, stealing research data related to biotechnology and other advanced fields. APT41 used sophisticated malware to maintain persistent access.
- US Gaming Industry (2021): Targeted the US gaming industry, stealing game source code and other valuable data. This operation involved the use of advanced malware and exploitation of vulnerabilities in gaming platforms.
APT40
Affiliation: Chinese Ministry of State Security (MSS)
Activities: Active since at least 2009, targeting governmental organizations, companies, and universities in industries such as biomedical, robotics, and maritime research. Known for stealing trade secrets and intellectual property.
Targets: Governmental organizations, biomedical, robotics, maritime research sectors.
TTPs:
- Spear-phishing
- Exploitation of vulnerabilities
- Use of malware like PlugX and Winnti
- Data exfiltration
- Intellectual property theft
Notable Incidents:
- Maritime Industry Targeting (2019): APT40 focused on naval and shipping companies, stealing sensitive information related to shipbuilding and maritime operations. This involved the use of spear-phishing and custom malware to infiltrate maritime organizations.
- Academic Institutions (2020): APT40 conducted cyber espionage against academic institutions, focusing on research data related to the biomedical and robotics fields. This involved the use of advanced malware and exploitation of software vulnerabilities.
- Defense Contractors (2021): Targeted defense contractors, stealing information related to military technologies. APT40 used spear-phishing and custom malware to gain access to sensitive defense-related data.

APT43
Affiliation: Chinese state-sponsored
Activities: Known for cyber espionage and targeting NGOs, private companies, and government organizations. Often involved in operations aligned with China's geopolitical interests.
Targets: NGOs, private companies, government organizations.
TTPs:
- Spear-phishing
- Use of RATs and backdoors
- Credential theft
- Network reconnaissance
- Data exfiltration
Notable Incidents:
- South Korean Government Hack (2018): APT43 targeted the South Korean government, stealing sensitive political and military information. This operation involved sophisticated spear-phishing campaigns and the use of remote access tools to exfiltrate data.
- South Korean Media Hack (2019): Infiltrated South Korean media organizations, aiming to influence public opinion by spreading propaganda and misinformation. APT43 used spear-phishing and custom malware to gain access to media networks.
- South Korean Defense Contractors Hack (2020): Targeted South Korean defense contractors to steal information related to military technologies. APT43 used advanced malware and network reconnaissance techniques to achieve its objectives.
- Operations in South China Sea (2020): APT43 targeted entities in the South China Sea region to support China's geopolitical interests, focusing on maritime research and defense-related information.