Mitre
Alias
Scandium, G0026, APT18, Dynamite Panda, TG-0416, Wekby, APT 18, PLA Navy
Country
China
Sponsor
PLA Navy, China. State-sponsored
Motivation
Information Theft And Espionage
First Seen
2009
Description
Wekby was described by Palo Alto Networks in a 2016 report as: "Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after those exploits are available, such as in the case of {{Hacking Team}}'s Flash zero-day exploit."
This threat group has been seen since 2009.
APT 18 may be related to {{Night Dragon}} and/or {{Nitro, Covert Grove}}.
Targeted
Industries
Government, Aerospace, Defense, Construction, Biotechnology, High-tech, Education, Telecommunications, Civil Society, Private Sector, Healthcare, Engineering, Transportation
Targeted
Countries
United States, USA
Tools
Atnow
HTTPBrowser
Gh0st RAT
Gh0st
Pisloader
StickyFingers
HcdLoader
0-day Exploits For Flash
TTP
T1133
T1027
T1071
T1053
T1071.004
T1059.003
T1105
T1083
T1070
T1070.004
T1071.001
T1053.002
T1059
T1082
T1078
T1547
T1547.001
Operations
Performed
[2014-04] Community Health Systems Data Breach (https://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828/, https://www.venafi.com/blog/infographic-how-an-attack-by-a-cyber-espionage-operator-bypassed-security-controls)
[2015-06] Attacks Using DNS Requests As Command And Control Mechanism (method: Phishing With Obfuscated Variants Of The HTTPBrowser Tool) (https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop, https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html)
[2016-05] Attacks Using DNS Requests As Command And Control Mechanism (target: Organizations In The USA; method: Phishing With Pisloader Dropper) (https://unit42.paloaltonetworks.com/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/)
Counter
Operations
Nil
Information
nil