ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: CardinalLizard

Names: CardinalLizard (Kaspersky)
Country: China
Motivation: Information theft and espionage
First seen: 2014
Description: (Kaspersky) We are moderately confident that this is a new collection of Chinese-speaking activity targeting businesses, active since 2014. Over the last few years, the group has shown an interest in the Philippines, Russia, Mongolia and Malaysia, the latter especially prevalent during 2018. The hackers use a custom malware featuring some interesting anti-detection and anti-emulation techniques. The infrastructure used also shows some overlaps with Roaming Tiger and previous PlugX campaigns, but this could just be due to infrastructure reuse under the Chinese-speaking umbrella.
Observed: Countries: Malaysia, Mongolia, Philippines, Russia.
Tools used: PlugX.

Last change to this card: 29 April 2020


Digital Service Security Center