Threat Group Cards: A Threat Actor Encyclopedia

Names	APT-C-60 (Qihoo 360) APT-Q-12 (?)
Country	South Korea
Motivation	Information theft and espionage
First seen	2018
Description	(ThreatBook) APT-C-60 is disclosed by domestic security vendors in 2021. It is reported that the earliest attack time can be traced back to 2018 and the attack targets human resources and trade-related institutions including China. Recent monitoring by ThreatBook Intelligence Research and Response Team found that the Group has been active since December 2021. In June this year, the Group launched targeted attacks on targets in S. Korea.
Observed	Countries: East Asia.
Tools used	SpyGlace.
Information	<https://threatbook.io/blog/Analysis-of-APT-C-60-Attack-on-South-Korea> <https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/> <https://blogs.jpcert.or.jp/ja/2024/11/APT-C-60.html>

Last change to this card: 26 December 2024

Download this actor card in PDF or JSON format