 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: Temper Panda, admin@338| Names | Temper Panda (Crowdstrike) admin@338 (FireEye) Team338 (Kaspersky) Magnesium (Microsoft) | |
| Country |  China | |
| Motivation | Information theft and espionage | |
| First seen | 2014 | |
| Description | (FireEye) The threat group has previously used newsworthy events as lures to deliver malware. They have largely targeted organizations involved in financial, economic and trade policy, typically using publicly available RATs such as Poison Ivy, as well some non-public backdoors. The group started targeting Hong Kong media companies, probably in response to political and economic challenges in Hong Kong and China. The threat group’s latest activity coincided with the announcement of criminal charges against democracy activists. During the past 12 months, Chinese authorities have faced several challenges, including large-scale protests in Hong Kong in late 2014, the precipitous decline in the stock market in mid-2015, and the massive industrial explosion in Tianjin in August 2015. In Hong Kong, the pro-democracy movement persists, and the government recently denied a professor a post because of his links to a pro-democracy leader. | |
| Observed | Sectors: Defense, Financial, Government, Media, Think Tanks. Countries: Hong Kong, USA. | |
| Tools used | Bozok, BUBBLEWRAP, LOWBALL, Poison Ivy, Living off the Land. | |
| Information | <https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html> <https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html> | |
| MITRE ATT&CK | <https://attack.mitre.org/groups/G0018/> | |
Last change to this card: 22 April 2020
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |