Names | Operation SLOW#TEMPEST (?) | |
Country | China | |
Motivation | Information theft and espionage | |
First seen | 2024 | |
Description | (Securonix) The Securonix Threat Research team has uncovered a covert campaign targeting Chinese-speaking users with Cobalt Strike payloads likely delivered through phishing emails. The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks. | |
Observed | Countries: China. | |
Tools used | Cobalt Strike, Mimikatz. | |
Information | <https://www.securonix.com/blog/from-cobalt-strike-to-mimikatz-slowtempest/> |
Last change to this card: 23 October 2024
Download this actor card in PDF or JSON format
Previous: Operation Silent Skimmer
Next: Operation Spalax
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |