Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home panic

APT17 – Sneaky Panda – CHINA

August 10, 2021
Reading Time: 2 mins read
in APT
APT23 – Pirate Panda – CHINA

APT17 (G0025) is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.

Name: Tailgater Team (Symantec), Elderwood (Symantec), Elderwood Gang (Symantec), Sneaky Panda (CrowdStrike), SIG22 (NSA), Beijing Group (SecureWorks), Bronze Keystone (SecureWorks), TG-8153 (SecureWorks), TEMP.Avengers (FireEye), Dogfish (iDefense), Deputy Dog (iDefense), ATK 2 (Thales)

Location: China

Suspected attribution: State-sponsored, Jinan bureau of the Chinese Ministry of State Security

Date of initial activity:  2009

Targets: U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.

Motivation:  Espionage

Associated tools: 9002 RAT, BlackCoffee, Briba, Comfoo, DeputyDog, Gh0st RAT, HiKit, Jumpall, Linfo, Naid, Nerex, Pasam, Poison Ivy, PlugX, Vasport, Wiarp, ZoxPNG, ZoxRPC and several 0-days for IE.

Attack vectors: Created profile pages in Microsoft TechNet that were used as C2 infrastructure. Created and cultivated profile pages in Microsoft TechNet. To make profile pages appear more legitimate, APT17 has created biographical sections and posted in forum threads.

How they work:  FireEye has discovered a campaign leveraging the an announced zero-day CVE-2013-3893. This campaign, which was labeled ‘Operation DeputyDog’, began as early as August 19, 2013 and appears to have targeted organizations in Japan. FireEye Labs has been continuously monitoring the activities of the threat actor responsible for this campaign. Analysis based on their Dynamic Threat Intelligence cluster shows that this current campaign leveraged command and control infrastructure that is related to the infrastructure used in the attack on Bit9.

Tags: Advanced Persistent ThreatChina
ADVERTISEMENT

Related Posts

APT-C-60 (APT) – Threat Actor

APT-C-60 (APT) – Threat Actor

February 16, 2025
COLDRIVER (APT) – Threat Actor

COLDRIVER (APT) – Threat Actor

February 13, 2025
UTG-Q-010 (APT) – Threat Actor

UTG-Q-010 (APT) – Threat Actor

February 12, 2025
Actor240524 (APT) – Threat Actor

Actor240524 (APT) – Threat Actor

February 10, 2025
T-APT-04 (SideWinder) – Threat Actor

T-APT-04 (SideWinder) – Threat Actor

January 30, 2025
Evasive Panda (APT) – Threat Actor

Evasive Panda (APT) – Threat Actor

January 30, 2025

Latest Alerts

FBI Warns UNC6040 UNC6395 Target Salesforce

Apple Warns French Users of Spyware

Samsung Fixes Zero-Day CVE-2025-21043

Former Feds Targeted By Chinese Jobs

CHILLYHELL And ZynorRAT Threaten Systems

Apple Warns Users As CERT-FR Confirms

Subscribe to our newsletter

    Latest Incidents

    West Virginia Credit Union Data Breach

    ShinyHunters Hit Vietnam Credit Center

    Great Firewall of China Data Leaked

    Panama Economy Ministry Reports Breach

    LNER Warns Customers Of Data Breach

    Hello Gym Leak Exposes Member Audio

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial