ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > GCHQ

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: GCHQ

NamesGCHQ (real name)
Government Communications Headquarters (real name)
CountryUK UK
MotivationInformation theft and espionage
First seen1919
Description(Wikipedia) GCHQ gains its intelligence by monitoring a wide variety of communications and other electronic signals. For this, a number of stations have been established in the UK and overseas. The listening stations are at Cheltenham itself, Bude, Scarborough, Ascension Island, and with the United States at Menwith Hill. Ayios Nikolaos Station in Cyprus is run by the British Army for GCHQ.

As revealed by Edward Snowden in The Guardian, GCHQ spied on foreign politicians visiting the 2009 G-20 London Summit by eavesdropping phonecalls and emails and monitoring their computers, and in some cases even ongoing after the summit via keyloggers that had been installed during the summit.

Other publicly exposed major APT activities from GCHQ involve the wholesale worldwide spying from programs such as, together with Equation Group, INCENSER, where various international Internet trunks were tapped.
ObservedSectors: Government, Telecommunications.
Countries: Belgium, UK.
Tools usedRegin.
Operations performed2009GCHQ intercepted foreign politicians' communications at G20 summits
2010Operation Socialist
Breach of the infrastructure of the Belgian telecommunications company Belgacom.

Last change to this card: 17 July 2020

Download this actor card in PDF or JSON format

Previous: Gangnam Industrial Style

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]