TheWizards

Also known as: TheWizards

Profile

TheWizards is a China-aligned APT group that uses the Spellbinder tool for adversary-in-the-middle attacks, relying on IPv6 SLAAC spoofing to redirect legitimate software updates to malicious servers. The group has developed the WizardNet backdoor for Windows and serves DarkNights to Android applications, which indicates a connection to Dianke Network Security Technology. It targets individuals and companies in the Philippines, Cambodia, the UAE, mainland China, and Hong Kong. ESET has observed the group's infrastructure and tools, including its acquisition of servers for hosting C&C and malicious updates.

References

  1. https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/
  2. https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: WIZARD SPIDER
Actor: TaskMasters
Actor: DarkHotel
Actor: APT19
Actor: CloudSorcerer
Actor: CardinalLizard
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.