Mitre
Alias
Operation "Clandestine Wolf", Part Deux, Group 6, APT 3, Red Sylvan, UPS, Boron, APT3, Operation "Double Tap", UPS Team, TG-0110, Operation "Clandestine Fox", BOYUSEC, Buckeye, Gothic Panda, BRONZE MAYFAIR
Country
China
Sponsor
Ministry of State Security and internet security firm Guangzhou Bo Yu Information Technology Company Limited ("BOYUSEC"), China. State-sponsored
Motivation
Information theft and espionage
First Seen
2007
Description
(Recorded Future) APT3 (also known as UPS, Gothic Panda, and TG-0110) is a sophisticated threat group that has been active since at least 2010. APT3 utilizes a broad range of tools and techniques including spear-phishing attacks, zero-day exploits, and numerous unique and publicly available remote access tools (RAT). Victims of APT3 intrusions include companies in the defense, telecommunications, transportation, and advanced technology sectors, as well as government departments and bureaus in Hong Kong, the U.S., and several other countries.
Targeted
Industries
Aerospace, Defense, Construction, High-tech, Private sector, Manufacturing, Telecommunications, Technology, Transportation
Targeted
Countries
United States, United Kingdom, Hong Kong, Sweden, Italy, Vietnam, Luxembourg, Philippines, Belgium
Tools
HTran
LaZagne
w32times
APT3 Keylogger
DoublePulsar
PlugX
RemoteCMD
Hupigon
ShareIP
EternalBlue
OSInfo
Firefox and Flash
APT3
Several 0-days for IE
Pirpi
TTCalc
Bemstour
TTP
Nil
Operations
Performed
[2007] Hupigon and Pirpi backdoors (https://www.fireeye.com/blog/threat-research/2010/11/ie-0-day-hupigon-joins-the-party.html)
[2014-04] Operation "Clandestine Fox" (FireEye Research Labs identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. This zero-day bypasses both ASLR and DEP. Microsoft has assigned CVE-2014-1776 to the vulnerability and released a security advisory to track this issue.) (https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html)
[2014-06] Operation "Clandestine Fox", Part Deux (While Microsoft quickly released a patch to help close the door on future compromises, we have now observed the threat actors behind "Operation Clandestine Fox" shifting their point of attack and using a new vector to target their victims: social networking.) (https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html)
[2014-11] Operation "Double Tap" (This actor initiated their most recent campaign on November 19, 2014 targeting multiple organizations. The attacker leveraged multiple exploits, targeting both CVE-2014-6332 and CVE-2014-4113.) (https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html)
[2015-06] Operation "Clandestine Wolf" (In the last several weeks, APT3 actors launched a large-scale phishing campaign against organizations in the following industries: aerospace and defense, construction and engineering, high tech, telecommunications and transportation.) (https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html)
[2016-03] Variant of the DoublePulsar backdoor (Beginning in March 2016, Buckeye began using a variant of DoublePulsar (Backdoor.Doublepulsar), a backdoor that was subsequently released by the Shadow Brokers in 2017. DoublePulsar was delivered to victims using a custom exploit tool (Trojan.Bemstour) that was specifically designed to install DoublePulsar.) (https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit) (https://research.checkpoint.com/upsynergy/)
[2016-03] Buckeye cyberespionage group shifts gaze from US to Hong Kong (https://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong)
Counter
Operations
[2017-11] DOJ reveals indictment against Chinese cyber spies that stole U.S. business secrets (https://www.cyberscoop.com/boyusec-china-doj-indictment/)
[2017-11] U.S. charges three Chinese hackers who work at internet security firm for hacking three corporations for commercial advantage (https://www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations)
Information