
APT 4, Maverick Panda, Wisp Team

Mitre

Alias

APT 4, TG-0623, APT4, Bronze Edison, Sykipot, Wisp Team, Maverick Panda, PLA Navy

Country

China

Sponsor

PLA Navy, China. State-sponsored

Motivation

Information theft and espionage

First Seen

2007

Description

(Trend Micro) Sykipot has a history of primarily targeting US Defense Industrial Base (DIB) and key industries such as telecommunications, computer hardware, government contractors, and aerospace. Open source review of 15 major Sykipot attacks over the last 6 years confirms this.

Recently, we encountered a case where Sykipot variants were gathering information related to the civil aviation sector. The exploitation occurred at a target consistent with their history; the information sought raises new interest. The intentions of this latest round of targeting are unclear, but it represents a shift in objectives or mission.

Targeted Industries

Government, Military, Aerospace, Defense, Telecommunications, Aviation, Private Sector

Targeted Countries

USA, Hong Kong, United States, United Kingdom

Tools

XMRig
Sykipot

TTP

Nil

Operations Performed

[2011-12] Are the Sykipot's Authors Obsessed with Next Generation US Drones? (https://cybersecurity.att.com/blogs/labs-research/are-the-sykipots-authors-obsessed-with-next-generation-us-drones)

[2012-01] Sykipot Variant Hijacks DoD and Windows Smart Cards (https://cybersecurity.att.com/blogs/labs-research/sykipot-variant-hijacks-dod-and-windows-smart-cards)

[2012-07] Sykipot Is Back (https://cybersecurity.att.com/blogs/labs-research/sykipot-is-back)

[2013-03] New Sykipot Developments (https://cybersecurity.att.com/blogs/labs-research/new-sykipot-developments)

[2013-09] Sykipot Now Targeting US Civil Aviation Sector Information (https://blog.trendmicro.com/trendlabs-security-intelligence/sykipot-now-targeting-us-civil-aviation-sector-information/)

[2015] A group dubbed APT4 is suspected to be behind a breach of an Asian airline company discovered in the second quarter of this year. Its attack style uses well-written and researched "spear-phishes" with industry themes. The attacks were aimed at public key infrastructure targets. (https://www.digitalnewsasia.com/digital-economy/asia-in-the-crosshairs-of-apt-attackers-fireeye-cto)

[2018-10] The report also mentions some attacks conducted by APT4, which include sending malicious emails to a blockchain gaming start-up last year and attacking a cryptocurrency exchange in June 2018. Last October, the group also used XMRig, a Monero cryptocurrency mining tool, on the target's computer. (https://mycryptomag.com/2019/08/08/cryptocurrency-firms-are-targets-of-state-sponsored-hacking-group-from-china/)

Counter Operations

Nil

Information
