ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Temper Panda, admin@338

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Temper Panda, admin@338

NamesTemper Panda (Crowdstrike)
admin@338 (FireEye)
Team338 (Kaspersky)
Magnesium (Microsoft)
CountryChina China
MotivationInformation theft and espionage
First seen2014
Description(FireEye) The threat group has previously used newsworthy events as lures to deliver malware. They have largely targeted organizations involved in financial, economic and trade policy, typically using publicly available RATs such as Poison Ivy, as well some non-public backdoors.

The group started targeting Hong Kong media companies, probably in response to political and economic challenges in Hong Kong and China. The threat group’s latest activity coincided with the announcement of criminal charges against democracy activists. During the past 12 months, Chinese authorities have faced several challenges, including large-scale protests in Hong Kong in late 2014, the precipitous decline in the stock market in mid-2015, and the massive industrial explosion in Tianjin in August 2015. In Hong Kong, the pro-democracy movement persists, and the government recently denied a professor a post because of his links to a pro-democracy leader.
ObservedSectors: Defense, Financial, Government, Media, Think Tanks.
Countries: Hong Kong, USA.
Tools usedBozok, BUBBLEWRAP, LOWBALL, Poison Ivy, Living off the Land.
Information<https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html>
<https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html>
MITRE ATT&CK<https://attack.mitre.org/groups/G0018/>

Last change to this card: 22 April 2020

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]