Operation Wocao

GPTKB entity

Statements (30)
Predicate Object
gptkbp:instanceOf cyber espionage operation
gptkbp:activePeriod 2016-2019
gptkbp:countryOfOrigin gptkb:China
gptkbp:discoveredBy gptkb:NCSS
    gptkb:Fox-IT
gptkbp:enemyOf cybercrime
    data exfiltration
gptkbp:exploits VPN vulnerabilities
    remote desktop vulnerabilities
    web server vulnerabilities
https://www.w3.org/2000/01/rdf-schema#label Operation Wocao
gptkbp:notableFor stealth techniques
    targeting multiple continents
    use of legitimate credentials
gptkbp:perpetrator gptkb:Twisted_Spider
    gptkb:APT20
gptkbp:publicDisclosure December 2019
gptkbp:target gptkb:energy
    gptkb:technology
    universities
    healthcare sector
    government organizations
    managed service providers
    telecommunications sector
    aviation sector
gptkbp:usesMalware gptkb:Cobalt_Strike
    custom backdoors
    web shells
gptkbp:bfsParent gptkb:FireEye
gptkbp:bfsLayer 6