C0014

C0014Operation Wocao

ATT&CK
14.1
References
2

Description

[Operation Wocao](https://attack.mitre.org/campaigns/C0014) was a cyber espionage campaign that targeted organizations around the world, including in Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States. The suspected China-based actors compromised government organizations and managed service providers, as well as aviation, construction, energy, finance, health care, insurance, offshore engineering, software development, and transportation companies.(Citation: FoxIT Wocao December 2019) Security researchers assessed the [Operation Wocao](https://attack.mitre.org/campaigns/C0014) actors used similar TTPs and tools as APT20, suggesting a possible overlap. [Operation Wocao](https://attack.mitre.org/campaigns/C0014) was named after an observed command line entry by one of the threat actors, possibly out of frustration from losing webshell access.(Citation: FoxIT Wocao December 2019)

References

  1. https://attack.mitre.org/campaigns/C0014
  2. https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Campaign
Operation CuckooBees
Campaign
Operation Sharpshooter
Campaign
Operation Ghost
Campaign
Operation Dust Storm
Campaign
CostaRicto
Group
Night Dragon
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.