|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2011
|
|
gptkbp:alsoKnownAs
|
gptkb:Twisted_Spider
gptkb:Violin_Panda
|
|
gptkbp:area
|
gptkb:Asia
gptkb:Europe
gptkb:Middle_East
gptkb:United_States
|
|
gptkbp:associatedWith
|
gptkb:Chinese_cyber_espionage_operations
|
|
gptkbp:attributedTo
|
gptkb:Chinese_government
|
|
gptkbp:countryOfOrigin
|
gptkb:China
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
APT20
|
|
gptkbp:industry
|
gptkb:energy
gptkb:government
finance
healthcare
telecommunications
|
|
gptkbp:knownFor
|
custom malware
credential theft
web server exploitation
VPN exploitation
sophisticated cyber espionage
|
|
gptkbp:notableBattle
|
attacks on managed service providers
2018-2019 global campaign exploiting VPN vulnerabilities
|
|
gptkbp:reportsTo
|
gptkb:Kaspersky
gptkb:FireEye
gptkb:Fox-IT
|
|
gptkbp:TTPs
|
data exfiltration
living off the land
lateral movement
privilege escalation
use of stolen credentials
|
|
gptkbp:usesMalware
|
gptkb:HTShell
custom backdoors
web shells
ChChes
|
|
gptkbp:bfsParent
|
gptkb:Operation_Winnti
gptkb:Operation_Wocao
gptkb:Hacker
|
|
gptkbp:bfsLayer
|
7
|