|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2005
|
|
gptkbp:alsoKnownAs
|
gptkb:Advanced_Persistent_Threat_30
|
|
gptkbp:associatedWith
|
state-sponsored hacking
Chinese cyber espionage
|
|
gptkbp:connectsTo
|
gptkb:Chinese_Communist_Party
gptkb:People's_Liberation_Army
|
|
gptkbp:countryOfOrigin
|
gptkb:China
|
|
gptkbp:discoveredBy
|
gptkb:FireEye
|
|
gptkbp:discoveredIn
|
2015
|
|
gptkbp:enemyOf
|
custom malware
spear phishing
watering hole attacks
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
APT30
|
|
gptkbp:industry
|
gptkb:government
gptkb:media
gptkb:military
aerospace
critical infrastructure
|
|
gptkbp:infrastructure
|
malicious websites
phishing emails
compromised legitimate sites
dedicated command and control servers
|
|
gptkbp:mainLanguage
|
gptkb:Chinese
|
|
gptkbp:majorCity
|
gptkb:India
gptkb:Malaysia
gptkb:South_Korea
gptkb:Thailand
gptkb:United_States
gptkb:Vietnam
|
|
gptkbp:notableFor
|
custom malware development
long-term cyber espionage
persistent infrastructure
targeting Southeast Asia
|
|
gptkbp:operatedBy
|
gptkb:Chinese_government
|
|
gptkbp:reportURL
|
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt30.pdf
|
|
gptkbp:tactics
|
command and control
data exfiltration
custom backdoors
zero-day exploits
credential theft
lateral movement
|
|
gptkbp:usesMalware
|
gptkb:CLOUDSTORM
gptkb:FLASHFLOOD
gptkb:NETEAGLE
gptkb:SHIPSHAPE
gptkb:SPACEDESK
gptkb:SPACELAB
BACKSPACE
SHIPLAP
SPACESHIP
|
|
gptkbp:bfsParent
|
gptkb:Operation_Winnti
gptkb:Hacker
|
|
gptkbp:bfsLayer
|
7
|