SandCat

Description

(Kaspersky) “SandCat is a relatively new APT group; we first observed them in 2018, although it would appear they have been around for some time,” Costin Raiu, director of global research and analysis team at Kaspersky Lab, told Threatpost. “They use both FinFisher/FinSpy [spyware] and the CHAINSHOT framework in attacks, coupled with various zero-days. Targets of SandCat have been mostly observed in Middle East, including but not limited to Saudi Arabia.”

Names

Name | Name-Giver
SandCat | Kaspersky

Country

State-sponsored, Military Unit 02616

Motivation

  • Information theft and espionage

First Seen

2018

Observed Countries

Tools

Information

Other Information

Uuid

ff99d24e-706d-4f15-99f3-a30c0be47cbe

Last Card Change

2020-04-14