Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home panic

APT4 – Samurai Panda – CHINA

August 10, 2021
Reading Time: 2 mins read
in APT
APT23 – Pirate Panda – CHINA

APT4 appears to target the Defense Industrial Base (DIB) at a higher rate of frequency than other commercial organizations. However, APT4’s history of targeted intrusions is wide in scope. 

Name: Maverick Panda, Sykipot Group, Wisp, Samurai Panda

  • APT 4 (Mandiant)
  • APT 4 (FireEye)
  • Maverick Panda (CrowdStrike)
  • Wisp Team (Symantec)
  • Sykipot (AlienVault)
  • TG-0623 (SecureWorks)
  • Bronze Edison (SecureWorks)

Location: China

Suspected attribution: China

Date of initial activity: 2009

Targets: Aerospace and Defense, Industrial Engineering, Electronics, Automotive, Government, Telecommunications, and Transportation. Target selection tends to focus on Asia Pacific victims in Japan, the Republic of Korea, and other democratic Asian victims.

Motivation: Information theft and espionage

Associated malware: GETKYS, LIFESAVER, CCHIP, SHYLILT, SWEETTOOTH, PHOTO, SOGO

Attack vectors: APT4 actors often leverage spear phishing messages using U.S. government, Department of Defense, or defense industrial base themes. APT4 actors may repurpose valid content from government or U.S. DoD web sites within their message bodies to lend them legitimacy.

How they work: The implant delivered by Samurai Panda uses a typical installation process whereby they:

  1. Leverage a spearphish with an exploit to get control of the execution flow of the targeted application. This file “drops” an XOR-encoded payload that unpacks itself and a configuration file.
  2. Next, the implant, which can perform in several different modes, typically will install itself as a service and then begin beaconing out to an adversary-controlled host.
  3. If that command-and-control host is online, the malicious service will download and instantiate a backdoor that provides remote access to the attacker, who will see the infected host’s identification information as well as the campaign code.

APT4 actors often leverage spear phishing messages using U.S. government, Department of Defense, or defense industrial base themes. APT4 actors may repurpose valid content from government or U.S. DoD web sites within their message bodies to lend them legitimacy.

Tags: Advanced Persistent ThreatAPT4China
ADVERTISEMENT

Related Posts

APT-C-60 (APT) – Threat Actor

APT-C-60 (APT) – Threat Actor

February 16, 2025
COLDRIVER (APT) – Threat Actor

COLDRIVER (APT) – Threat Actor

February 13, 2025
UTG-Q-010 (APT) – Threat Actor

UTG-Q-010 (APT) – Threat Actor

February 12, 2025
Actor240524 (APT) – Threat Actor

Actor240524 (APT) – Threat Actor

February 10, 2025
T-APT-04 (SideWinder) – Threat Actor

T-APT-04 (SideWinder) – Threat Actor

January 30, 2025
Evasive Panda (APT) – Threat Actor

Evasive Panda (APT) – Threat Actor

January 30, 2025

Latest Alerts

Spyware in App Stores Steals Your Photos

Stealth Malware Targets Fortinet Firewalls

Prometei Botnet Attacks Servers for Crypto

Winos 4.0 Malware Hits Taiwan Via Tax Phish

New Godfather Trojan Hijacks Banking Apps

New Amatera Stealer Delivered By ClearFake

Subscribe to our newsletter

    Latest Incidents

    Aflac Hacked in Spree on Insurance Firms

    CoinMarketCap Doodle Hack Steals Crypto

    UK’s Oxford Council Legacy Systems Breached

    Massive Leak Exposes 16 Billion Credentials

    Chinese Spies Target Satellite Giant Viasat

    German Dealer Leymann Hacked Closes Stores

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial