top of page
Mitre
Alias
Violin Panda, Crawling Taurus, Apt20, Apt 8, Th3bug, Operation �wocao�, Apt 20
Country
China
Sponsor
Nil
Motivation
Information Theft And Espionage
First Seen
2014
Description
(Palo Alto) We�ve uncovered some new data and likely attribution regarding a series of APT watering hole attacks this past summer. Watering hole attacks are an increasingly popular component of APT campaigns, as many people are more aware of spear phishing and are less likely to open documents or click on links in unsolicited emails. Watering hole attacks offer a much better chance of success because they involve compromising legitimate websites and installing malware intended to compromise website visitors. These are often popular websites frequented by people who work in specific industries or have political sympathies to which the actors want to gain access.
In contrast to many other APT campaigns, which tend to rely heavily on spear phishing to gain victims, �th3bug� is known for compromising legitimate websites their intended visitors are likely to frequent. Over the summer they compromised several sites, including a well-known Uyghur website written in that native language.
This group could be related to {{Axiom, Group 72}}.
Targeted
Industries
Government, Defense, Construction, Energy, Chemical, Financial, Pharmaceutical, High-tech, Telecommunications, Uyghur Sympathizers, Healthcare, Aviation, Engineering, Transportation
Targeted
Countries
East Asia, Usa, Uk, Germany, Italy, Thailand, France, Spain, Brazil, Portugal, Mexico, China
Tools
Smbexec
Poison Ivy
Bloodhound
Procdump
Mimikatz
Psexec
Xserver
Sharphound
Living Off The Land
Winrar
Keethief
Poison
Living
Plugx
Kerberoast
TTP
Nil
Operations
Performed
[2017] operation �wocao� (https://resources.fox-it.com/rs/170-cak-271/images/201912_report_operation_wocao.pdf
Counter
Operations
Nil
Information
bottom of page