ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > FunnyDream

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: FunnyDream

NamesFunnyDream (Kaspersky)
Red Hariasa (PWC)
Bronze Edgewood (SecureWorks)
TAG-16 (Recorded Future)
CountryChina China
MotivationInformation theft and espionage
First seen2018
DescriptionIn early 2020 Kaspersky published a report based on its investigation of an ongoing attack campaign called “FunnyDream”. This Chinese-speaking actor has been active for at least a few years and possesses different implants with various capabilities.

Since mid-2018, researchers at Kaspersky saw continuing high activity from this threat actor and among their targets were a number of high-level government organisations as well as some political parties from various Asian countries including the Philippines, Thailand, Vietnam, and Malaysia.

The campaign comprises a number of cyber espionage tools with various capabilities. As of the latest monitoring of the global cybersecurity company, FunnyDream's espionage attacks are still ongoing.
ObservedSectors: Government.
Countries: Indonesia, Malaysia, Philippines, Taiwan, Thailand, Vietnam.
Tools usedccf32, Chinoxy, Filepak, FilepakMonitor, FunnyDream, Keyrecord, Md_client, PCShare, ScreenCap, TcpBridge, Tcp_transfer, Living off the Land.

Last change to this card: 27 December 2021

Download this actor card in PDF or JSON format

Previous: Flying Kitten, Ajax Security Team
Next: Gallium

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]