TEMP_Heretic

Also known as: TEMP_Heretic

Origin: CN
Known aliases: 1

Profile

TEMP_Heretic is a threat actor that has been observed engaging in targeted spear-phishing campaigns. They exploit vulnerabilities in email platforms, such as Zimbra, to exfiltrate emails from government, military, and media organizations. They use multiple outlook.com email addresses and manually craft content for each email before sending it.

Aliases · 1

TEMP_Heretic

References

  1. https://www.welivesecurity.com/en/eset-research/mass-spreading-campaign-targeting-zimbra-users/
  2. https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: TEMP.Hermit
Actor: Hellsing
Actor: Scripted Sparrow
Actor: TA530
Actor: Storm-1286
Software: Zimbra

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.