Names | [Unnamed groups: China] (?) |
Country | China |
Sponsor | State-sponsored |
Motivation | Information theft and espionage |
First seen | 2018 |
Description | These are reported APT activities attributed to a country, but not to an individual threat group. |
Observed | Sectors: Defense, Government. Countries: Cambodia, Japan, Myanmar, Netherlands, Taiwan, USA and Worldwide. |
Tools used | BOLDMOVE, COATHANGER. |
Operations performed | Jan 2018 | China blamed for data theft from US Navy contractor <https://www.zdnet.com/article/china-blamed-for-data-theft-from-us-navy-contractor/> |
Jun 2019 | Mitsubishi Electric discloses security breach, China is main suspect <https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/> |
Feb 2020 | China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware <https://medium.com/cycraft/china-linked-threat-group-targets-taiwan-critical-infrastructure-smokescreen-ransomware-c2a155aa53d5> |
Mar 2020 | Unknown China-Based APT Targeting Myanmarese Entities <https://www.anomali.com/blog/unknown-china-based-apt-targeting-myanmarese-entities#When:14:00:00Z> |
Oct 2020 | China hacked Japan’s sensitive defense networks, officials say <https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/> |
2021 | Minority report: Fake human rights documents and websites used in cyberattacks targeting Uyghurs, a Turkic ethnic minority in China <https://blog.checkpoint.com/security/minority-report-fake-human-rights-documents-and-websites-used-in-cyberattacks-targeting-uyghurs-a-turkic-ethnic-minority-in-china/> |
Jan 2022 | News Corp discloses hack from 'persistent' nation state cyber attacks <https://www.bleepingcomputer.com/news/security/news-corp-discloses-hack-from-persistent-nation-state-cyber-attacks/> |
Sep 2022 | VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors <https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass> |
Oct 2022 | Amnesty International Canada breached by suspected Chinese hackers <https://www.bleepingcomputer.com/news/security/amnesty-international-canada-breached-by-suspected-chinese-hackers/> |
Oct 2022 | Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China <https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally> |
Oct 2022 | Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475) <https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw> |
2023 | Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT <https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear/TLP-CLEAR+MIVD+AIVD+Advisory+COATHANGER.pdf> |
Apr 2023 | China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan <https://www.trellix.com/blogs/research/china-taiwan-tensions-spark-surge-in-cyberattacks-on-taiwan/> |
Sep 2023 | Chinese APT Targeting Cambodian Government <https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/> |
Feb 2024 | Hackers stole 'sensitive' data from Taiwan telecom giant: ministry <https://www.france24.com/en/live-news/20240301-hackers-stole-sensitive-data-from-taiwan-telecom-giant-ministry> |
Counter operations | Jul 2021 | The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China <https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/> |
Information | <https://go.recordedfuture.com/hubfs/reports/cta-2021-0727.pdf> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-158a> <https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a> <https://us-cert.cisa.gov/ncas/alerts/aa20-258a> <https://www.cisa.gov/uscert/ncas/alerts/aa22-279a> <https://www.sentinelone.com/labs/unmasking-i-soon-the-leak-that-revealed-chinas-cyber-operations/> <https://go.recordedfuture.com/hubfs/reports/cta-2024-0320.pdf> <https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/MTAC-East-Asia-Report.pdf> |