gptkbp:instanceOf | cybercrime
gptkbp:activeYearsStart | at least 2013
gptkbp:alsoKnownAs | gptkb:Gadolinium; cathedral; TEMP.Periscope
gptkbp:area | gptkb:Australia; gptkb:Europe; gptkb:Southeast_Asia; gptkb:United_States; gptkb:Asia-Pacific
gptkbp:attributedTo | gptkb:US_Department_of_Justice; gptkb:FireEye; gptkb:Mandiant; gptkb:Australian_Cyber_Security_Centre
gptkbp:baseOfOperations | gptkb:Hainan,_China
gptkbp:category | cybercrime; Advanced Persistent Threat; state-sponsored group
gptkbp:connectsTo | Hainan Xiandun Technology Development Co., Ltd.
gptkbp:countryOfOrigin | gptkb:China
https://www.w3.org/2000/01/rdf-schema#label | APT40
gptkbp:indictedMembers | Cheng Qingmin; Ding Xiaoyang; Wu Shurong; Zhu Yunmin
gptkbp:notableFor | 2018; 2021
gptkbp:notableOperation | attacks on Southeast Asian governments; attacks on Australian organizations; targeting of US Navy contractors
gptkbp:primaryMotivation | espionage
gptkbp:suspect | gptkb:Ministry_of_State_Security_(China); gptkb:Chinese_government
gptkbp:tactics | spear phishing; watering hole attacks; custom malware deployment; supply chain compromise
gptkbp:target | universities; maritime industries; healthcare sector; government organizations; defense sector; engineering firms; aviation sector
gptkbp:usesMalware | gptkb:China_Chopper; gptkb:PhotoMiner; gptkb:PlugX; gptkb:QuasarRAT; gptkb:SeaDuke; gptkb:Cobalt_Strike; gptkb:Derusbi; RATs (Remote Access Trojans)