ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: [Unnamed groups: China]

Names: [Unnamed groups: China]
Country: China
Sponsor: State-sponsored
Motivation: Information theft and espionage
First seen: 2018
Description: These are reported APT activities attributed to a country, but not to an individual threat group.
Observed:
Sectors: Defense, Government.
Countries: Cambodia, Japan, Myanmar, Netherlands, Taiwan, USA and Worldwide.
Tools used: BOLDMOVE, COATHANGER.
Operations performed:
Jan 2018: China blamed for data theft from US Navy contractor
<https://www.zdnet.com/article/china-blamed-for-data-theft-from-us-navy-contractor/>
Jun 2019: Mitsubishi Electric discloses security breach, China is main suspect
<https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/>
Feb 2020: China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware
<https://medium.com/cycraft/china-linked-threat-group-targets-taiwan-critical-infrastructure-smokescreen-ransomware-c2a155aa53d5>
Mar 2020: Unknown China-Based APT Targeting Myanmarese Entities
<https://www.anomali.com/blog/unknown-china-based-apt-targeting-myanmarese-entities#When:14:00:00Z>
Oct 2020: China hacked Japan’s sensitive defense networks, officials say
<https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/>
2021: Minority report: Fake human rights documents and websites used in cyberattacks targeting Uyghurs, a Turkic ethnic minority in China
<https://blog.checkpoint.com/security/minority-report-fake-human-rights-documents-and-websites-used-in-cyberattacks-targeting-uyghurs-a-turkic-ethnic-minority-in-china/>
Jan 2022: News Corp discloses hack from 'persistent' nation state cyber attacks
<https://www.bleepingcomputer.com/news/security/news-corp-discloses-hack-from-persistent-nation-state-cyber-attacks/>
Sep 2022: VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors
<https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass>
Oct 2022: Amnesty International Canada breached by suspected Chinese hackers
<https://www.bleepingcomputer.com/news/security/amnesty-international-canada-breached-by-suspected-chinese-hackers/>
Oct 2022: Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
<https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally>
Oct 2022: Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
<https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw>
2023: Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT
<https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear/TLP-CLEAR+MIVD+AIVD+Advisory+COATHANGER.pdf>
Apr 2023: China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan
<https://www.trellix.com/blogs/research/china-taiwan-tensions-spark-surge-in-cyberattacks-on-taiwan/>
Sep 2023: Chinese APT Targeting Cambodian Government
<https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/>
Feb 2024: Hackers stole 'sensitive' data from Taiwan telecom giant: ministry
<https://www.france24.com/en/live-news/20240301-hackers-stole-sensitive-data-from-taiwan-telecom-giant-ministry>
Counter operations:
Jul 2021: The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China
<https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/>
Information:
<https://go.recordedfuture.com/hubfs/reports/cta-2021-0727.pdf>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-158a>
<https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a>
<https://us-cert.cisa.gov/ncas/alerts/aa20-258a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-279a>
<https://www.sentinelone.com/labs/unmasking-i-soon-the-leak-that-revealed-chinas-cyber-operations/>

Last change to this card: 13 March 2024