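# SPDX-License-Identifier: CC0-1.0
#
# Copyright (C) 2024 Wojtek Kosior
---
# "targets" are countries, groups thereof or regions of Earth.  Only the most
# often attacked ones are listed for each group.  A country listed for one group
# may overlap with a region listed (for example: for APT12 we have "Taiwan"
# listed next to "East Asia").
#
# Layout of each entry under `groups`:
#   name       - name of the group
#   origin     - country the group is attributed to
#   targets    - list of `where` (country/region) + `ref`
#   sectors    - list of `sector` + `ref`
#   goals      - list of `goal` + `ref`
#   references - list of `label` + `URL`; a `ref` holds one such label or a
#                list of them.  Labels not defined in the group itself (for
#                example fireeye-apt-groups) are kept in the top-level
#                `references` at the end of the file.
# NOTE(review): `origin` carries no `ref`, so the basis and confidence of the
# attribution are not recorded per entry.
groups:
  - name: admin@338
    origin: China
    targets:
      - where: Hong Kong  # spelled as in the APT19 entry (was "HongKong")
        ref: china-based-threat
    sectors:
      - sector: defense
        ref: rpt-poison-ivy
      - sector: government
        ref: rpt-poison-ivy
      - sector: finance  # "finance, economic and trade policy" in our source
        ref: [rpt-poison-ivy, china-based-threat]
      - sector: telecommunications/satellites  # only "telecommunications" in our source
        ref: rpt-poison-ivy
      - sector: media
        ref: china-based-threat
    goals:
      - goal: espionage
        ref: china-based-threat
    references:
      - label: rpt-poison-ivy
        URL: https://www.mandiant.com/sites/default/files/2021-09/rpt-poison-ivy.pdf
      - label: china-based-threat
        URL: https://cloud.google.com/blog/topics/threat-intelligence/china-based-threat/

  - name: Agrius
    origin: Iran
    targets:
      - where: Israel
        ref: [evol-agrius, agrius-moneybird]
      - where: Middle East
        ref: evol-agrius
    sectors:
      - sector: education
        ref: agrius-moneybird
      - sector: insurance
        ref: agrius-moneybird
    goals:
      - goal: espionage
        ref: evol-agrius
      - goal: disruption
        ref: [evol-agrius, agrius-moneybird]
      - goal: extortion
        ref: [evol-agrius, agrius-moneybird]
    references:
      - label: evol-agrius
        URL: https://assets.sentinelone.com/sentinellabs/evol-agrius
      - label: agrius-moneybird
        URL: https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/

  - name: ALLANITE
    origin: Russia
    targets:
      - where: US
        ref: dragos-allanite
      - where: UK
        ref: dragos-allanite
    sectors:
      - sector: energy  # "electric utility" in our source
        ref: dragos-allanite
    goals:
      - goal: espionage
        ref: dragos-allanite
      - goal: disruption
        ref: dragos-allanite
    references:
      - label: dragos-allanite
        URL: https://www.dragos.com/threat/allanite/

  - name: Aoqin Dragon
    origin: China
    targets:
      - where: East Asia  # "southeast Asia" in the source
        ref: aoqin-newly-discovered
      - where: Australia
        ref: aoqin-newly-discovered
    sectors:
      - sector: government
        ref: aoqin-newly-discovered
      - sector: education
        ref: aoqin-newly-discovered
      - sector: telecommunications/satellites  # only "telecommunications" in our source
        ref: aoqin-newly-discovered
    goals:
      - goal: espionage
        ref: aoqin-newly-discovered
    references:
      - label: aoqin-newly-discovered
        URL: https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/

  - name: APT1
    origin: China
    targets:
      - where: US
        ref: mandiant-apt1-report
    sectors:
      - sector: information technology
        ref: mandiant-apt1-report
      - sector: aerospace
        ref: mandiant-apt1-report
      # "public administration" was listed twice; the duplicate is dropped so
      # the sector is not counted twice for this group.
      - sector: public administration
        ref: mandiant-apt1-report
      - sector: telecommunications/satellites
        ref: mandiant-apt1-report
      - sector: scientific research and consulting
        ref: mandiant-apt1-report
      - sector: energy
        ref: mandiant-apt1-report
      - sector: transportation
        ref: mandiant-apt1-report
      - sector: construction/manufacturing  # "construction and manufacturing" in our source
        ref: mandiant-apt1-report
      - sector: non-government organizations  # "international organizations" in our source
        ref: mandiant-apt1-report
      - sector: engineering services
        ref: mandiant-apt1-report
      - sector: electronics
        ref: mandiant-apt1-report
      - sector: legal services
        ref: mandiant-apt1-report
      - sector: media  # "media, advertising and entertainment" in our source
        ref: mandiant-apt1-report
      - sector: navigation
        ref: mandiant-apt1-report
    goals:
      - goal: espionage
        ref: mandiant-apt1-report
    references:
      # The key here was `ref`; every other reference entry uses `URL`, so the
      # label would otherwise have no URL to resolve to.
      - label: mandiant-apt1-report
        URL: https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf

  - name: APT12
    origin: China
    targets:
      - where: East Asia
        ref: microtrends-ixeshe
      - where: Taiwan
        ref: microtrends-ixeshe
    sectors:
      - sector: electronics
        ref: microtrends-ixeshe
      - sector: telecommunications/satellites  # only "telecommunications" in our source
        ref: microtrends-ixeshe
    goals:
      - goal: espionage
        ref: mandiant-2014-report
    references:
      - label: mandiant-2014-report
        URL: https://web.archive.org/web/20140913050920/https://dl.mandiant.com/EE/library/WP_M-Trends2014_140409.pdf
      - label: microtrends-ixeshe  # uses name "IXESHE" rather than "APT12"
        URL: https://web.archive.org/web/20190808160128/https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf

  - name: APT16
    origin: China
    targets:
      - where: Taiwan
        ref: the-eps-awakens
    sectors:
      # The source mentions more attacks but doesn't attribute them with
      # certainty to APT16.
      - sector: media  # "media and entertainment" in our source
        ref: the-eps-awakens
    goals:
      # NOTE(review): this is the only goal in the file without a `ref`.
      - goal: espionage
    references:
      - label: the-eps-awakens
        URL: https://web.archive.org/web/20151226205946/https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html

  - name: APT17
    origin: China
    targets:
      - where: US
        ref: apt17-report
    sectors:
      - sector: government
        ref: apt17-report
      - sector: defense
        ref: apt17-report
      - sector: information technology
        ref: apt17-report
      - sector: legal services  # "law firms" in our source
        ref: apt17-report
      - sector: mining
        ref: apt17-report
      - sector: non-government organizations
        ref: apt17-report
    # No goals were explicitly named in our source.
    references:
      - label: apt17-report
        URL: https://web.archive.org/web/20240119213200/https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf

  - name: APT18
    origin: China
    targets:
      - where: US
        ref: bugcrowd-apt18
    sectors:
      # Besides the ones below, our source also mentions "technology" and "high
      # technology" which are too broad/ambiguous for us to use here.
      - sector: construction/manufacturing
        ref: bugcrowd-apt18
      - sector: government
        ref: bugcrowd-apt18
      - sector: medical  # "healthcare" in our source
        ref: bugcrowd-apt18
      - sector: defense
        ref: bugcrowd-apt18
      - sector: telecommunications/satellites  # only "telecommunications" in our source
        ref: bugcrowd-apt18
      # "human rights groups" and "non-profit" in our source
      - sector: non-government organizations
        ref: bugcrowd-apt18
      - sector: engineering services  # "engineering" in our source
        ref: bugcrowd-apt18
      - sector: energy
        ref: bugcrowd-apt18
      - sector: education
        ref: bugcrowd-apt18
      - sector: aerospace
        ref: bugcrowd-apt18
      - sector: transportation
        ref: bugcrowd-apt18
      - sector: biotechnology
        ref: bugcrowd-apt18
    goals:
      - goal: espionage
        ref: bugcrowd-apt18
    references:
      - label: bugcrowd-apt18
        URL: https://www.bugcrowd.com/glossary/apt18/

  - name: APT19
    origin: China
    targets:
      - where: US  # Forbes is an American magazine.
        ref: darkreading-codoso-team
      - where: Hong Kong  # Forbes is also owned by a Hong Kong-based group.
        ref: darkreading-codoso-team
    sectors:
      - sector: legal services  # "legal" in our source
        ref: fireeye-apt-groups
      - sector: finance  # "investment" in our source
        ref: [fireeye-apt-groups, darkreading-codoso-team]
      - sector: defense
        ref: darkreading-codoso-team
      - sector: dissident groups
        ref: darkreading-codoso-team
      - sector: medical  # "pharmaceutical" in our source
        ref: darkreading-codoso-team
      - sector: energy
        ref: darkreading-codoso-team
    goals:
      - goal: espionage
        ref: darkreading-codoso-team
    references:
      - label: darkreading-codoso-team
        URL: https://www.darkreading.com/cyberattacks-data-breaches/chinese-hacking-group-codoso-team-uses-forbes-com-as-watering-hole

  - name: APT28
    origin: Russia
    targets:
      - where: US
        ref: mandiant-apt28
      - where: Europe
        ref: [fireeye-apt-groups, mandiant-apt28]
      - where: NATO
        ref: fireeye-apt-groups
      # "Caucasus" and "eastern European countries" in `fireeye-apt-groups'
      - where: former Soviet Union
        ref: [fireeye-apt-groups, mandiant-apt28]
      - where: Georgia
        ref: fireeye-apt-groups
    sectors:
      # "militaries", "security organizations" and "defense firms" in our source
      - sector: defense
        ref: fireeye-apt-groups
      - sector: government
        ref: mandiant-apt28
      - sector: dissident groups
        ref: mandiant-apt28
      - sector: religious groups
        ref: mandiant-apt28
      - sector: sport  # the World Anti-Doping Agency
        ref: mandiant-apt28
    goals:
      - goal: espionage
        ref: mandiant-apt28
    references:
      - label: mandiant-apt28
        URL: https://www.mandiant.com/sites/default/files/2021-09/APT28-Center-of-Storm-2017.pdf

  - name: APT29
    origin: Russia
    targets:
      - where: US
        ref: [eset-operation-ghost-dukes, cyber-case-study-solarwinds]
      - where: Norway
        ref: eset-operation-ghost-dukes
      - where: Europe  # 3 EU ministries and a Washington DC embassy
        ref: eset-operation-ghost-dukes
    sectors:
      - sector: government
        ref: eset-operation-ghost-dukes
      - sector: drug dealers  # a reuse of hacking tools…
        ref: eset-operation-ghost-dukes
    goals:
      - goal: espionage
        ref: [eset-operation-ghost-dukes, cyber-case-study-solarwinds]
    references:
      - label: eset-operation-ghost-dukes
        URL: https://web-assets.esetstatic.com/wls/2019/10/ESET_Operation_Ghost_Dukes.pdf
      - label: cyber-case-study-solarwinds
        URL: https://ollisakersarney.com/wp-content/uploads/2021/10/Cyber_Case_Study_-_SolarWinds_Supply_Chain_Cyberattack.pdf

  - name: APT3
    origin: China
    targets:
      - where: US
        ref: chinas-cyber-capabilities
      - where: Germany  # Siemens AG is a German company
        ref: chinas-cyber-capabilities
    sectors:
      - sector: information technology
        ref: chinas-cyber-capabilities
      - sector: aerospace
        ref: fireeye-apt-groups
      - sector: defense
        ref: fireeye-apt-groups
      - sector: construction/manufacturing  # "construction and engineering" in our source
        ref: fireeye-apt-groups
      - sector: telecommunications/satellites
        ref: [fireeye-apt-groups, chinas-cyber-capabilities]
    goals:
      - goal: espionage
        ref: chinas-cyber-capabilities
    references:
      - label: chinas-cyber-capabilities
        URL: https://www.uscc.gov/sites/default/files/2022-11/Chapter_3_Section_2--Chinas_Cyber_Capabilities.pdf

  - name: APT30
    origin: China
    targets:
      - where: East Asia  # Association of Southeast Asian Nations in our source
        ref: fireeye-apt-groups
    sectors:
      - sector: government
        ref: fireeye-apt30
      - sector: media
        ref: fireeye-apt30
    goals:
      - goal: espionage
        ref: fireeye-apt30
    references:
      - label: fireeye-apt30
        URL: https://scadahacker.com/library/Documents/Cyber_Events/Fireeye%20-%20APT30.pdf

  - name: APT33
    origin: Iran
    sectors:
      - sector: aerospace  # "aviation" in `hivepro-apt33'
        ref: [fireeye-apt-groups, hivepro-apt33]
      - sector: energy
        ref: [fireeye-apt-groups, hivepro-apt33]
      - sector: construction/manufacturing  # only "construction" in our source
        ref: hivepro-apt33
      - sector: defense
        ref: hivepro-apt33
      - sector: education
        ref: hivepro-apt33
      - sector: finance
        ref: hivepro-apt33
      - sector: medical  # "healthcare" and "pharmaceutical" in our source
        ref: hivepro-apt33
      - sector: government
        ref: hivepro-apt33
      - sector: telecommunications/satellites
        ref: hivepro-apt33
    goals:
      - goal: espionage
        ref: hivepro-apt33
    references:
      - label: hivepro-apt33
        URL: https://www.hivepro.com/wp-content/uploads/2023/09/APT-33-Uses-Password-Spray-Campaigns-to-Infiltrate-Organizations_TA2023375.pdf

  - name: APT39
    origin: Iran
    targets:
      - where: US
        ref: fireeye-apt39
      - where: Middle East
        ref: fireeye-apt39
    sectors:
      - sector: telecommunications/satellites  # only "telecommunications" in our source
        ref: fireeye-apt39
      - sector: travel
        ref: fireeye-apt39
      - sector: government
        ref: fireeye-apt39
    goals:
      - goal: espionage
        ref: fireeye-apt39
    references:
      - label: fireeye-apt39
        URL: https://attack.mitre.org/docs/training-cti/FireEye%20APT39%20-%20original%20report.pdf

  - name: APT41
    origin: China
    targets:
      - where: East Asia
        ref: rt-apt41-dual-operation
      - where: US
        ref: rt-apt41-dual-operation
      - where: India
        ref: rt-apt41-dual-operation
      - where: Europe
        ref: rt-apt41-dual-operation
      - where: South Africa
        ref: rt-apt41-dual-operation
    sectors:
      - sector: medical
        ref: rt-apt41-dual-operation
      - sector: telecommunications/satellites  # only "telecommunications" in our source
        ref: rt-apt41-dual-operation
      - sector: education
        ref: rt-apt41-dual-operation
      - sector: travel
        ref: rt-apt41-dual-operation
      - sector: media
        ref: rt-apt41-dual-operation
      - sector: video games
        ref: rt-apt41-dual-operation
      - sector: information technology
        ref: rt-apt41-dual-operation
      - sector: retail
        ref: rt-apt41-dual-operation
      - sector: virtual currencies
        ref: rt-apt41-dual-operation
    goals:
      - goal: espionage
        ref: rt-apt41-dual-operation
      - goal: financial theft
        ref: rt-apt41-dual-operation
    references:
      - label: rt-apt41-dual-operation
        URL: https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf

  # Going alphabetically, now we'd have APT5.  It's been omitted because neither
  # the NSA's Threat Hunting Guidance[1] nor the description from
  # ^[fireeye-apt-groups] actually state its origin.  Some sources call it a
  # Chinese group but those can be considered less reliable than these 2.

  - name: Aquatic Panda
    origin: China
    sectors:
      - sector: education
        ref: overwatch-exposes-aquatic-panda
      - sector: telecommunications/satellites  # only "telecommunications" in our source
        ref: overwatch-exposes-aquatic-panda
      - sector: government
        ref: overwatch-exposes-aquatic-panda
    goals:
      - goal: espionage
        ref: overwatch-exposes-aquatic-panda
    references:
      - label: overwatch-exposes-aquatic-panda
        URL: https://www.crowdstrike.com/en-us/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/

  - name: Axiom
    origin: China
    targets:
      - where: Europe
        ref: novetta-executive-summary
      - where: East Asia
        ref: novetta-executive-summary
      - where: US
        ref: novetta-executive-summary
    sectors:
      - sector: media  # "journalists" in our source
        ref: novetta-executive-summary
      - sector: information technology  # "software companies" in our source
        ref: novetta-executive-summary
      - sector: education
        ref: novetta-executive-summary
      - sector: government
        ref: novetta-executive-summary
      # Was plain "telecommunications"; changed to the sector label every other
      # entry uses so that this group is grouped with them.
      - sector: telecommunications/satellites
        ref: novetta-executive-summary
      - sector: non-government organizations
        ref: novetta-executive-summary
    goals:
      - goal: espionage
        ref: novetta-executive-summary
    references:
      - label: novetta-executive-summary
        URL: https://web.archive.org/web/20230211014413/http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf

  - name: BackdoorDiplomacy
    origin: China
    targets:
      - where: Middle East
        ref: bitdefender-backdoordiplomacy
      - where: Europe
        ref: hivepro-backdoordiplomacy
      - where: South Africa
        ref: hivepro-backdoordiplomacy
      - where: Namibia
        ref: hivepro-backdoordiplomacy
      - where: South Asia
        ref: hivepro-backdoordiplomacy
    sectors:
      - sector: government
        ref: hivepro-backdoordiplomacy
      - sector: telecommunications/satellites  # only "telecommunications" in our source
        ref: hivepro-backdoordiplomacy
    goals:
      - goal: espionage
        ref: bitdefender-backdoordiplomacy
    references:
      - label: bitdefender-backdoordiplomacy
        URL: https://www.bitdefender.com/files/News/CaseStudies/study/426/Bitdefender-PR-Whitepaper-BackdoorDiplomacy-creat6507-en-EN.pdf
      - label: hivepro-backdoordiplomacy
        URL: https://www.hivepro.com/wp-content/uploads/2022/12/BackdoorDiplomacy-targets-the-telecom-industry-in-the-Middle-East_TA2022285.pdf

  - name: BlackTech
    origin: China
    targets:
      - where: East Asia
        ref: nnt-blacktech
      - where: US
        ref: nnt-blacktech
    goals:
      - goal: espionage
        ref: nnt-blacktech
    references:
      # NOTE(review): csa-blacktech is defined but not cited by any `ref` in
      # this entry.
      - label: csa-blacktech
        URL: https://media.defense.gov/2023/Sep/27/2003309107/-1/-1/0/CSA_BLACKTECH_HIDE_IN_ROUTERS_TLP-CLEAR.PDF
      - label: nnt-blacktech
        URL: https://jp.security.ntt/resources/EN-BlackTech_2021.pdf

  - name: BRONZE BUTLER
    origin: China
    targets:
      - where: Japan
        ref: butler-targets-japanese
    sectors:
      - sector: government
        ref: hivepro-butler
      - sector: defense
        ref: hivepro-butler
    goals:
      - goal: espionage
        ref: butler-targets-japanese
    references:
      - label: butler-targets-japanese
        URL: https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses
      - label: hivepro-butler
        URL: https://www.hivepro.com/wp-content/uploads/2023/03/TA2023135.pdf

  - name: Chimera
    origin: China
    targets:
      - where: Taiwan
        ref: cycraft-chimera
    sectors:
      - sector: electronics
        ref: cycraft-chimera
    goals:
      - goal: espionage
        ref: cycraft-chimera
    references:
      - label: cycraft-chimera
        URL: https://uploads-ssl.webflow.com/6667e1c7aa0aa53cf61a022c/66bc65e430aa86747891a088_%5BTLP-White%5D20200415%20Chimera_V4.2.pdf

  # The entries below that carry only a commented-out template have not been
  # filled in yet; only `name` and `origin` are set for them.

  - name: Cinnamon Tempest
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Cleaver
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: CopyKittens
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: CURIUM
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: CyberAv3ngers
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Daggerfly
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Deep Panda
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Dragonfly
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: DragonOK
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Earth Lusca
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Elderwood
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Ember Bear
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Ferocious Kitten
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Fox Kitten
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: GALLIUM
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Gamaredon Group
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: HAFNIUM
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: IndigoZebra
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Indrik Spider
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Ke3chang
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Lazarus Group
    origin: North Korea
    targets:
      - where: South Korea
        ref: trendmicro-lazarus
      - where: US
        ref: trendmicro-lazarus
      - where: Vietnam
        ref: trendmicro-lazarus
    sectors:
      - sector: government
        ref: trendmicro-lazarus
      - sector: finance
        ref: trendmicro-lazarus
      - sector: media
        ref: trendmicro-lazarus
      - sector: defense
        ref: trendmicro-lazarus
    goals:
      - goal: espionage
        ref: trendmicro-lazarus
      - goal: disruption
        ref: trendmicro-lazarus
      - goal: extortion
        ref: trendmicro-lazarus
      - goal: financial theft
        ref: trendmicro-lazarus
    references:
      - label: trendmicro-lazarus
        URL: https://www.trendmicro.com/vinfo/nl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations

  - name: Leafminer
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Leviathan
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Lotus Blossom
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Magic Hound
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: menuPass
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Moafee
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Mofang
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Moonstone Sleet
    origin: North Korea
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Moses Staff
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: MuddyWater
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Mustang Panda
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Naikon
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Nomadic Octopus
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: OilRig
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: PittyTiger
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Putter Panda
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Saint Bear
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Sandworm Team
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Silent Librarian
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Star Blizzard
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Suckfly
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Threat Group-3390
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Tonto Team
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Tropic Trooper
    # mitre.org calls it unaffiliated but at least one of the sources calls it
    # "China-backed" and its set of targets is consistent with that of other
    # Chinese APTs.
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Turla
    origin: Russia
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: UNC788
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Volt Typhoon
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Windshift
    origin: Iran
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  - name: Winnti Group
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

  # Going alphabetically, now we'd have Winter Vivern.  It's been omitted
  # because there is no clue as to whether it is actually a Russian group or a
  # Belarusian one.

  - name: ZIRCONIUM
    origin: China
    # targets:
    #   - where:
    #     ref:
    #   - where:
    #     ref:
    # sectors:
    #   - sector:
    #     ref:
    #   - sector:
    #     ref:
    # goals:
    #   - goal:
    #     ref:
    # references:
    #   - label:
    #     URL:

# Below we keep references that are used in profiles of multiple groups.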
# NOTE(review): every per-group `references` in this file is a sequence
# (`- label: ...`), while this shared block is a single mapping.  Confirm that
# the consumer resolves shared labels from this shape before a second shared
# reference is added here.
# NOTE(review): the archived URL carries the `#apt19` fragment although the
# label is cited by several groups, not only APT19.
references:
  label: fireeye-apt-groups
  URL: https://web.archive.org/web/20180806122230/https://www.fireeye.com/current-threats/apt-groups.html#apt19