Threat Group Cards: A Threat Actor Encyclopedia

APT group: Operation SLOW#TEMPEST

Names	Operation SLOW#TEMPEST (?)
Country	China
Motivation	Information theft and espionage
First seen	2024
Description	(Securonix) The Securonix Threat Research team has uncovered a covert campaign targeting Chinese-speaking users with Cobalt Strike payloads likely delivered through phishing emails. The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks.
Observed	Countries: China.
Tools used	Cobalt Strike, Mimikatz.
Information	<https://www.securonix.com/blog/from-cobalt-strike-to-mimikatz-slowtempest/>

Last change to this card: 23 October 2024

Download this actor card in PDF or JSON format