|
gptkbp:instanceOf
|
cyber threat group
|
|
gptkbp:alsoKnownAs
|
gptkb:Gothic_Panda
gptkb:UPS_Team
Buckeye
|
|
gptkbp:area
|
gptkb:Hong_Kong
gptkb:United_States
multiple countries
|
|
gptkbp:attributedTo
|
gptkb:Ministry_of_State_Security_(China)
|
|
gptkbp:connectsTo
|
gptkb:Chinese_Ministry_of_State_Security_contractors
|
|
gptkbp:countryOfOrigin
|
gptkb:China
|
|
gptkbp:exploits
|
gptkb:CVE-2022-22954
gptkb:CVE-2017-0199
gptkb:CVE-2017-0261
gptkb:CVE-2017-0263
gptkb:CVE-2021-34527
gptkb:CVE-2014-6332
gptkb:CVE-2015-5119
gptkb:CVE-2017-11882
gptkb:CVE-2017-8464
gptkb:CVE-2017-8759
gptkb:CVE-2018-8174
gptkb:CVE-2019-0708
gptkb:CVE-2019-0808
gptkb:CVE-2019-19781
gptkb:CVE-2019-2725
gptkb:CVE-2019-3396
gptkb:CVE-2020-0688
gptkb:CVE-2020-10189
gptkb:CVE-2020-1350
gptkb:CVE-2021-21985
gptkb:CVE-2021-26855
gptkb:CVE-2022-30190
gptkb:CVE-2023-23397
gptkb:CVE-2023-28252
gptkb:CVE-2023-36884
gptkb:CVE-2023-38831
gptkb:CVE-2023-42793
gptkb:CVE-2023-4863
gptkb:CVE-2023-5217
gptkb:CVE-2024-21412
gptkb:CVE-2024-3094
gptkb:CVE-2024-3400
gptkb:CVE-2024-4577
gptkb:CVE-2024-6387
gptkb:CVE-2021-44228
gptkb:CVE-2019-11510
gptkb:CVE-2023-34362
|
|
gptkbp:firstReported
|
2010
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
APT3
|
|
gptkbp:industry
|
gptkb:energy
gptkb:government
gptkb:technology
defense
telecommunications
|
|
gptkbp:mitreGroupId
|
G0022
|
|
gptkbp:mitreReference
|
https://attack.mitre.org/groups/G0022/
|
|
gptkbp:notableBattle
|
gptkb:Operation_Clandestine_Fox
gptkb:Operation_Double_Tap
gptkb:Operation_Clandestine_Wolf
|
|
gptkbp:notableFeature
|
highly sophisticated
persistent targeting
uses zero-day vulnerabilities
|
|
gptkbp:notableTool
|
gptkb:Cobalt_Strike
gptkb:Metasploit
gptkb:Mimikatz
PowerShell scripts
custom backdoors
|
|
gptkbp:suspect
|
gptkb:Chinese_government
|
|
gptkbp:tactics
|
custom malware
spear phishing
supply chain attacks
watering hole attacks
zero-day exploits
credential theft
|
|
gptkbp:usesMalware
|
gptkb:PlugX
gptkb:CUPP
gptkb:CookieCutter
gptkb:Pirpi
gptkb:Remote_Access_Tools
SHOTPUT
|
|
gptkbp:bfsParent
|
gptkb:Olympic_Destroyer
gptkb:Operation_Olympic_Destroyer
|
|
gptkbp:bfsLayer
|
6
|