DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Talk To An Expert
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Talk To An Expert
CyberMaterial
Home APT

APT 24 ( PittyTiger ) – China

Reading Time: 3 mins read
in APT
Names APT24 (Mandiant), PittyTiger (FireEye), Pitty Panda (CrowdStrike), Manganese (Microsoft)
Location China
Date of initial activity 2011
Motivation Information theft and espionage
Associated tools Enfal, Gh0st RAT, gsecdump, Leo RAT, Mimikatz, Paladin RAT, pgift, Pitty, Poison Ivy.

 

Overview

APT24 is known to have targeted organizations headquartered in countries including the U.S. and Taiwan. This group has historically used the RAR archive utility to encrypt and compress stolen data prior to transferring it out of the network. Data theft exfiltrated from this actor mainly focused on documents with political significance, suggesting its intent is to monitor the positions of various nation states on issues applicable to China’s ongoing territorial or sovereignty dispute.

Targets

Defense, Government, Telecommunications and Web development. Countries: Taiwan and Europe.

Attack vectors

This group leverages social engineering to deliver spear phishing emails, in a variety of languages including English, French and Chinese, and email phishing pages to their targets. The attackers use a variety of different malware and tools to maintain command and control (C2) and move laterally through their targets’ networks.

How they work

The attackers sent out emails written in English and French that appeared to come from someone within the targeted organization. The malicious messages carried harmless-looking Microsoft Word documents that were set up to drop a first-stage payload, Backdoor.APT.Pgift (Troj/ReRol.A), by exploiting both old (CVE-2012-0158) and new (CVE-2014-1761) vulnerabilities affecting the Microsoft Office suite.

Once it infects a computer, the Trojan sends some information on the compromised device back to its command and control (C&C) server, after which it downloads the second-stage malware.

Backdoor.APT.PittyTiger1.3 (CT RAT) has also been used, most likely as a second-stage malware since it provides attackers with a remote shell on the compromised system. Backdoor.APT.PittyTiger is a piece of malware leveraged by the group in 2012 and 2013. The threat is capable of capturing screenshots, uploading and downloading files, and providing a remote shell. Backdoor.APT.Lurid, and variants of Gh0st RAT, including Paladin RAT and Leo RAT, have also been used by the Pitty Tiger group, FireEye reported.

References:

  • Advanced Persistent Threats (APTs) – APT24
  • “Pitty Tiger” Threat Actors Possibly Active Since 2008: FireEye

 

Tags: Advanced Persistent ThreatAPT24BackdoorChinaCybersecuritydata theftFrenchGovernmentRATSpear phishingTaiwan
ADVERTISEMENT

Related Posts

APT43 (Kimsuky, Thallium) – North Korea

May 30, 2023

APT42 (TA453, Mint Sandstorm) – Iran

May 30, 2023
APT41 (WICKED PANDA, TG-2633) – China

APT41 (WICKED PANDA, TG-2633) – China

August 16, 2021
APT40 (Leviathan, BRONZE MOHAWK) – China

APT40 (Leviathan, BRONZE MOHAWK) – China

August 16, 2021

More Articles

Course

Improving Mobile Quality with Shift-Right Testing

March 30, 2022
Entertainment

Track Down – Takedown (2000)

September 26, 2020
APT

APT2 – PLA 61486, Putter Panda (China)

August 10, 2021
Tool

Aruba RFProtect

May 20, 2022
Tool

Powerfuzzer

November 5, 2020
Alerts

NSA Publishes Security Guidance for Organizations Transitioning to IPv6

January 23, 2023
Report

Sophos 2023 Threat Report

March 21, 2023

Privacy

March 8, 2021
Load More

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Alerts
  • Incidents
  • News
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
    • Tutorials
  • Report Cyber Incident
  • GET HELP
  • Contact Us

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.