ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: [Unnamed groups: China]

Names: [Unnamed groups: China]
Country: China
Sponsor: State-sponsored
Motivation: Information theft and espionage
First seen: 2018
Description: These are reported APT activities attributed to a country, but not to an individual threat group.
Observed sectors: Defense, Government.
Observed countries: Cambodia, Japan, Myanmar, Netherlands, Taiwan, USA and Worldwide.
Tools used: COATHANGER.
Operations performed:
Jan 2018: China blamed for data theft from US Navy contractor
<https://www.zdnet.com/article/china-blamed-for-data-theft-from-us-navy-contractor/>
Jun 2019: Mitsubishi Electric discloses security breach, China is main suspect
<https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/>
Feb 2020: China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware
<https://medium.com/cycraft/china-linked-threat-group-targets-taiwan-critical-infrastructure-smokescreen-ransomware-c2a155aa53d5>
Mar 2020: Unknown China-Based APT Targeting Myanmarese Entities
<https://www.anomali.com/blog/unknown-china-based-apt-targeting-myanmarese-entities#When:14:00:00Z>
Oct 2020: China hacked Japan’s sensitive defense networks, officials say
<https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/>
2021: Minority report: Fake human rights documents and websites used in cyberattacks targeting Uyghurs, a Turkic ethnic minority in China
<https://blog.checkpoint.com/security/minority-report-fake-human-rights-documents-and-websites-used-in-cyberattacks-targeting-uyghurs-a-turkic-ethnic-minority-in-china/>
Jan 2022: News Corp discloses hack from 'persistent' nation state cyber attacks
<https://www.bleepingcomputer.com/news/security/news-corp-discloses-hack-from-persistent-nation-state-cyber-attacks/>
Oct 2022: Amnesty International Canada breached by suspected Chinese hackers
<https://www.bleepingcomputer.com/news/security/amnesty-international-canada-breached-by-suspected-chinese-hackers/>
Oct 2022: Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
<https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally>
Oct 2022: Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
<https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw>
2023: Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT
<https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear/TLP-CLEAR+MIVD+AIVD+Advisory+COATHANGER.pdf>
<https://english.ncsc.nl/latest/news/2024/june/10/ongoing-state-sponsored-cyber-espionage-campaign-via-vulnerable-edge-devices>
Apr 2023: China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan
<https://www.trellix.com/blogs/research/china-taiwan-tensions-spark-surge-in-cyberattacks-on-taiwan/>
Sep 2023: Chinese APT Targeting Cambodian Government
<https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/>
Feb 2024: Hackers stole 'sensitive' data from Taiwan telecom giant: ministry
<https://www.france24.com/en/live-news/20240301-hackers-stole-sensitive-data-from-taiwan-telecom-giant-ministry>
Counter operations:
Jul 2021: The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China
<https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/>
May 2024: Treasury Sanctions a Cybercrime Network Associated with the 911 S5 Botnet
<https://home.treasury.gov/news/press-releases/jy2375>
May 2024: 911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation
<https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation>
Information:
<https://go.recordedfuture.com/hubfs/reports/cta-2021-0727.pdf>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-158a>
<https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a>
<https://us-cert.cisa.gov/ncas/alerts/aa20-258a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-279a>
<https://www.sentinelone.com/labs/unmasking-i-soon-the-leak-that-revealed-chinas-cyber-operations/>
<https://go.recordedfuture.com/hubfs/reports/cta-2024-0320.pdf>
<https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/MTAC-East-Asia-Report.pdf>
<https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks>

Last change to this card: 26 August 2024
