
APT26 (Turbine Panda) – China

Names: APT26 (Mandiant), China Turbine Panda (CrowdStrike), Shell Crew (RSA), WebMasters (Kaspersky), KungFu Kittens (FireEye), Group 13 (Talos), Black Vine (Symantec), Bronze Express (SecureWorks)
Additional names: PinkPanther (RSA), JerseyMikes
Location: China
Date of initial activity: 2010
Suspected attribution: State-sponsored, the Jiangsu Bureau of the MSS (JSSD/江苏省国家安全厅)
Motivation: Information theft and espionage; financial crime
Associated tools: Cobalt Strike, Derusbi, FormerFirstRAT, Hurix, Mivast, PlugX, Sakula RAT, StreamEx, Winnti, Living off the Land.

Overview

APT26 engages in cyber operations where the goal is intellectual property theft, usually focusing on the data and projects that make a particular organization competitive within its field.

Targets

Aerospace, Defense, and Energy sectors, among others.

Attack vectors

The group frequently uses strategic web compromises to gain access to target networks and custom backdoors once they are inside a victim environment.

How they work

Attack and IE 0-day Information Used Against Council on Foreign Relations. According to information posted by the Washington Free Beacon, the infected CFR.org website was used to attack visitors in order to extract valuable information.

The “drive-by” attack was detected around 2:00 pm on Wednesday 26 December and CFR members who visited the website between Wednesday and Thursday could have been infected and their data compromised, the specialists said. Capstone Turbine Corporation Also Targeted in the CFR Watering Hole Attack.

Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years.

During recent engagements, the RSA IR Team has responded to multiple incidents involving a common adversary targeting each client’s infrastructure and assets.

The RSA IR Team is referring to this threat group internally as “Shell_Crew”; however, they are also referred to as Deep Panda, WebMasters, KungFu Kittens, SportsFans, and PinkPanther amongst the security community.

 

References:

  • Advanced Persistent Threats (APTs) – APT26
  • Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years