APT20

GPTKB entity

Statements (40)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:activeYearsStart 2011
gptkbp:alsoKnownAs gptkb:Twisted_Spider
    gptkb:Violin_Panda
gptkbp:area gptkb:Asia
    gptkb:Europe
    gptkb:Middle_East
    gptkb:United_States
gptkbp:associatedWith gptkb:Chinese_cyber_espionage_operations
gptkbp:attributedTo gptkb:Chinese_government
gptkbp:countryOfOrigin gptkb:China
https://www.w3.org/2000/01/rdf-schema#label APT20
gptkbp:industry gptkb:energy
    gptkb:government
    finance
    healthcare
    telecommunications
gptkbp:knownFor custom malware
    credential theft
    web server exploitation
    VPN exploitation
    sophisticated cyber espionage
gptkbp:notableBattle attacks on managed service providers
    2018-2019 global campaign exploiting VPN vulnerabilities
gptkbp:reportsTo gptkb:Kaspersky
    gptkb:FireEye
    gptkb:Fox-IT
gptkbp:TTPs data exfiltration
    living off the land
    lateral movement
    privilege escalation
    use of stolen credentials
gptkbp:usesMalware gptkb:HTShell
    custom backdoors
    web shells
    ChChes
gptkbp:bfsParent gptkb:Operation_Winnti
    gptkb:Operation_Wocao
    gptkb:Hacker
gptkbp:bfsLayer 7