G0022 APT3

Description

[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.(Citation: FireEye Clandestine Wolf)(Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.(Citation: Symantec Buckeye) In 2017, MITRE developed an APT3 Adversary Emulation Plan.(Citation: APT3 Adversary Emulation Plan)

References

  1. https://attack.mitre.org/groups/G0022
  2. https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html
  3. https://www.recordedfuture.com/chinese-mss-behind-apt3/
  4. https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html
  5. http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong
  6. https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf
  7. http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html

Software attributed to this · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Software | RemoteCMD s0166 | 95% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

- Actor: APT22
- Group: APT12
- Actor: APT30
- Group: APT16
- Group: APT17
- Actor: APT21

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.