 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: AVIVORE| Names | AVIVORE (Context) | |
| Country |  China | |
| Motivation | Information theft and espionage | |
| First seen | 2015 | |
| Description | (Context) Until now, most prominent supply chain intrusions have been 'vertical'; initial victims are typically Managed Services Providers or software vendors leveraged by attackers to move up or down the supply chain. However, since summer 2018, Context Information Security has been investigating a series of incidents targeting UK and European Aerospace and Defence that are best described as 'horizontal'. Advanced attackers have been leveraging direct connectivity between suppliers and partners who are integrated into each other’s value chains. We have been tracking this activity under the codename AVIVORE. Affected victims include large multinational firms (Primes) and smaller engineering or consultancy firms within their supply chain (Secondaries). Context has worked closely with victims, the National Cyber Security Centre (NCSC), security organisations, and law enforcement agencies across Europe to reduce impact and prevent further compromise. | |
| Observed | Sectors: Aerospace, Automotive, Energy, Satellites. Countries: UK and Europe. | |
| Tools used | Mimikatz, PlugX, Living off the Land. | |
| Information | <https://www.contextis.com/en/blog/avivore> | |
Last change to this card: 19 April 2020
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |