Names | SandCat (Kaspersky) | |
Country | Uzbekistan | |
Sponsor | State-sponsored, Military Unit 02616 | |
Motivation | Information theft and espionage | |
First seen | 2018 | |
Description | (Kaspersky) SandCat is a relatively new APT group; we first observed them in 2018, although it would appear they have been around for some time,” Costin Raiu, director of global research and analysis team at Kaspersky Lab, told Threatpost. “They use both FinFisher/FinSpy [spyware] and the CHAINSHOT framework in attacks, coupled with various zero-days. Targets of SandCat have been mostly observed in Middle East, including but not limited to Saudi Arabia. | |
Observed | Countries: Saudi Arabia and Middle East. | |
Tools used | FinFisher, CHAINSHOT and several 0-days. | |
Information | <https://threatpost.com/sandcat-fruityarmor-exploiting-microsoft-win32k/142751/> <https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec> |
Last change to this card: 14 April 2020
Download this actor card in PDF or JSON format
Previous: Samurai Panda
Next: Sandman
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |