ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Antlion

Names: Antlion (?)
Country: China
Motivation: Information theft and espionage
First seen: 2011
Description: (Symantec) Antlion is believed to have been involved in espionage activities since at least 2011, and this recent activity shows that it is still an actor to be aware of more than 10 years after it first appeared.

The length of time that Antlion was able to spend on victim networks is notable, with the group able to spend several months on victim networks, affording plenty of time to seek out and exfiltrate potentially sensitive information from infected organizations. The targeting of Taiwan is perhaps unsurprising given we know Chinese state-backed groups tend to be interested in organizations in that region.
Observed:
  Sectors: Financial, Manufacturing.
  Countries: Taiwan.
Tools used: CheckID, EHAGBPSL, ENCODE MMC, JpgRun, NetSessionEnum, ProcDump, PsExec, xPack, WinRAR, Living off the Land.
Information: <https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks>

Last change to this card: 04 February 2022
