China (CN), confidence: 75

TianWu

Also known as: TianWu

Origin: CN
Known aliases: 1
Target sectors: 8
Attribution: State-sponsored

Profile

TianWu is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Private Sector, Gambling companies, Gaming, Information technology, Telecommunications, Government, Transportation systems, and Dissident sectors. Documented victim organisations include China, Hong Kong, Kazakhstan and 2 other named victims.

Aliases · 1

TianWu

Target sectors · 8

  • Private Sector
  • Gambling companies
  • Gaming
  • Information technology
  • Telecommunications
  • Government
  • Transportation systems
  • Dissident

Known victims · 5

  • China
  • Hong Kong
  • Kazakhstan
  • Taiwan
  • Philippines

References

  1. https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf
  2. https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf
  3. https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies
  4. https://github.com/avast/ioc/tree/master/OperationDragonCastling

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • APT27 (Actor)
  • TAG-28 (Actor)
  • TA530 (Actor)
  • Antlion (Actor)
  • SAMURAI PANDA (Actor)
  • TEMPER PANDA (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.