ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Vicious Panda

Names: Vicious Panda (Check Point), Bronze Dudley (SecureWorks)
Country: China
Motivation: Information theft and espionage
First seen: 2015
Description: (Check Point) Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target.

A closer look at this campaign allowed us to tie it to other operations which were carried out by the same anonymous group, dating back to at least 2016. Over the years, these operations targeted different sectors in multiple countries, such as Ukraine, Russia, and Belarus.

Observed:
Sectors: Government.
Countries: Belarus, Mongolia, Russia, Ukraine.

Tools used: 8.t Dropper, BBSRAT, Byeby, Cmstar, Enfal, Pylot.

Operations performed:

Aug 2015: Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government
<https://unit42.paloaltonetworks.com/digital-quartermaster-scenario-demonstrated-in-attacks-against-the-mongolian-government/>

Jun 2017: Threat Actors Target Government of Belarus Using CMSTAR Trojan
<https://unit42.paloaltonetworks.com/unit42-threat-actors-target-government-belarus-using-cmstar-trojan/>

Mar 2020: Vicious Panda: The COVID Campaign
Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target.
<https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/>

Information: <https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/>

Last change to this card: 07 January 2021
