APT30

GPTKB entity

Statements (54)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | cybercrime |
| gptkbp:activeYearsStart | 2005 |
| gptkbp:alsoKnownAs | gptkb:Advanced_Persistent_Threat_30 |
| gptkbp:associatedWith | state-sponsored hacking; Chinese cyber espionage |
| gptkbp:connectsTo | gptkb:Chinese_Communist_Party; gptkb:People's_Liberation_Army |
| gptkbp:countryOfOrigin | gptkb:China |
| gptkbp:discoveredBy | gptkb:FireEye |
| gptkbp:discoveredIn | 2015 |
| gptkbp:enemyOf | custom malware; spear phishing; watering hole attacks |
| https://www.w3.org/2000/01/rdf-schema#label | APT30 |
| gptkbp:industry | gptkb:government; gptkb:media; gptkb:military; aerospace; critical infrastructure |
| gptkbp:infrastructure | malicious websites; phishing emails; compromised legitimate sites; dedicated command and control servers |
| gptkbp:mainLanguage | gptkb:Chinese |
| gptkbp:majorCity | gptkb:India; gptkb:Malaysia; gptkb:South_Korea; gptkb:Thailand; gptkb:United_States; gptkb:Vietnam |
| gptkbp:notableFor | custom malware development; long-term cyber espionage; persistent infrastructure; targeting Southeast Asia |
| gptkbp:operatedBy | gptkb:Chinese_government |
| gptkbp:reportURL | https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt30.pdf |
| gptkbp:tactics | command and control; data exfiltration; custom backdoors; zero-day exploits; credential theft; lateral movement |
| gptkbp:usesMalware | gptkb:CLOUDSTORM; gptkb:FLASHFLOOD; gptkb:NETEAGLE; gptkb:SHIPSHAPE; gptkb:SPACEDESK; gptkb:SPACELAB; BACKSPACE; SHIPLAP; SPACESHIP |
| gptkbp:bfsParent | gptkb:Operation_Winnti; gptkb:Hacker |
| gptkbp:bfsLayer | 7 |