ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > AVIVORE

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: AVIVORE

NamesAVIVORE (Context)
CountryChina China
MotivationInformation theft and espionage
First seen2015
Description(Context) Until now, most prominent supply chain intrusions have been 'vertical'; initial victims are typically Managed Services Providers or software vendors leveraged by attackers to move up or down the supply chain. However, since summer 2018, Context Information Security has been investigating a series of incidents targeting UK and European Aerospace and Defence that are best described as 'horizontal'. Advanced attackers have been leveraging direct connectivity between suppliers and partners who are integrated into each other’s value chains. We have been tracking this activity under the codename AVIVORE.

Affected victims include large multinational firms (Primes) and smaller engineering or consultancy firms within their supply chain (Secondaries). Context has worked closely with victims, the National Cyber Security Centre (NCSC), security organisations, and law enforcement agencies across Europe to reduce impact and prevent further compromise.
ObservedSectors: Aerospace, Automotive, Energy, Satellites.
Countries: UK and Europe.
Tools usedMimikatz, PlugX, Living off the Land.

Last change to this card: 19 April 2020

Download this actor card in PDF or JSON format

Previous: AtlasCross
Next: Axiom, Group 72

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]