ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Whitefly, Mofang

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Whitefly, Mofang

NamesWhitefly (Symantec)
Mofang (Fox-IT)
TEMP.Mimic (FireEye)
Bronze Walker (SecureWorks)
ATK 83 (Thales)
SectorM04 (ThreatRecon)
Superman (?)
Country[Unknown]
MotivationInformation theft and espionage
First seen2012
Description(Fox-IT) Mofang is a threat actor that almost certainly operates out of China and is probably government-affiliated. It is highly likely that Mofang’s targets are selected based on involvement with investments, or technological advances that could be perceived as a threat to the Chinese sphere of influence. This is most clearly the case in a campaign focusing on government and critical infrastructure of Myanmar that is described in this report. Chances are about even, though, that Mofang is a relevant threat actor to any organization that invests in Myanmar or is otherwise politically involved. In addition to the campaign in Myanmar, Mofang has been observed to attack targets across multiple sectors (government, military, critical infrastructure and the automotive and weapon industries) in multiple countries.
ObservedSectors: Automotive, Critical infrastructure, Defense, Engineering, Government, Healthcare, Media, Telecommunications and weapon industries.
Countries: Canada, Germany, India, Myanmar, Singapore, South Korea, USA.
Tools usedMimikatz, Nibatad, ShimRAT, Termite, Vcrodat, Living off the Land.
Operations performedJul 2018Breach of SingHealth
<https://www.reuters.com/article/us-singapore-cyberattack/cyberattack-on-singapore-health-database-steals-details-of-1-5-million-including-pm-idUSKBN1KA14J>
<https://redalert.nshc.net/2019/03/19/sectorm04-targeting-singapore-custom-malware-analysis/>
Information<https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf>
<https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore>
MITRE ATT&CK<https://attack.mitre.org/groups/G0103/>
<https://attack.mitre.org/groups/G0107/>

Last change to this card: 30 December 2022

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]