GreenSpot

Also known as: PoisonVine · APT-Q-20 · GreenSpot

Origin: TW
Known aliases: 3

Profile

GreenSpot is an APT group believed to operate from Taiwan, active since at least 2007, primarily targeting government, academic, and military entities in China through phishing campaigns. The group frequently targets 163.com, aiming to steal login credentials using deceptive domains, manipulated TLS certificates, and counterfeit interfaces. Their tactics highlight the sophistication of modern credential theft operations, necessitating detection efforts focused on irregular domain registrations and certificate anomalies.

Aliases · 3

PoisonVine · APT-Q-20 · GreenSpot

References

  1. https://hunt.io/blog/greenspot-apt-targets-163com-fake-downloads-spoofing
  2. https://www.antiy.net/p/greenspotoperations-grow-for-many-years/
  3. https://www.virusbulletin.com/virusbulletin/2019/11/vb2019-paper-vine-climbing-over-great-firewall-longterm-attack-against-china/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. APT16 (Group)
  2. APT22 (Actor)
  3. APT15 (Actor)
  4. Greenbug (Actor)
  5. APT10 (Actor)
  6. APT19 (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.