Antlion

Description

(Symantec) Antlion is believed to have been involved in espionage activities since at least 2011, and this recent activity shows that it is still an actor to be aware of more than 10 years after it first appeared.

The length of time that Antlion was able to spend on victim networks is notable, with the group able to spend several months on victim networks, affording plenty of time to seek out and exfiltrate potentially sensitive information from infected organizations. The targeting of Taiwan is perhaps unsurprising given we know Chinese state-backed groups tend to be interested in organizations in that region.

Names

Name | Name-Giver
Antlion | ?

Country

Motivation

  • Information theft and espionage

First Seen

2011

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

d3d31dfb-086b-437d-92f8-bb116d2177eb

Last Card Change

2022-02-04