ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > SandCat

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: SandCat

NamesSandCat (Kaspersky)
CountryUzbekistan Uzbekistan
SponsorState-sponsored, Military Unit 02616
MotivationInformation theft and espionage
First seen2018
Description(Kaspersky) SandCat is a relatively new APT group; we first observed them in 2018, although it would appear they have been around for some time,” Costin Raiu, director of global research and analysis team at Kaspersky Lab, told Threatpost. “They use both FinFisher/FinSpy [spyware] and the CHAINSHOT framework in attacks, coupled with various zero-days. Targets of SandCat have been mostly observed in Middle East, including but not limited to Saudi Arabia.
ObservedCountries: Saudi Arabia and Middle East.
Tools usedFinFisher, CHAINSHOT and several 0-days.
Information<https://threatpost.com/sandcat-fruityarmor-exploiting-microsoft-win32k/142751/>
<https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]