Temper Panda, admin@338

Description

(FireEye) The threat group has previously used newsworthy events as lures to deliver malware. They have largely targeted organizations involved in financial, economic and trade policy, typically using publicly available RATs such as Poison Ivy, as well some non-public backdoors.

The group started targeting Hong Kong media companies, probably in response to political and economic challenges in Hong Kong and China. The threat group’s latest activity coincided with the announcement of criminal charges against democracy activists. During the past 12 months, Chinese authorities have faced several challenges, including large-scale protests in Hong Kong in late 2014, the precipitous decline in the stock market in mid-2015, and the massive industrial explosion in Tianjin in August 2015. In Hong Kong, the pro-democracy movement persists, and the government recently denied a professor a post because of his links to a pro-democracy leader.

Names

Name	Name-Giver
Temper Panda	Crowdstrike
admin@338	FireEye
Team338	Kaspersky
Magnesium	Microsoft

Country

• China

Motivation

• Information theft and espionage

First Seen

2014

Observed Sectors

• Defense
• Financial
• Government
• Media
• Think Tanks

Observed Countries

• Hong Kong
• USA

Tools

• Bozok
• BUBBLEWRAP
• LOWBALL
• Poison Ivy
• Living off the Land

Information

• https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html
• https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html

Mitre Attack

• https://attack.mitre.org/groups/G0018/

Other Information

Uuid

d54adbf5-1684-4824-8416-045b3265eb3d

Last Card Change

2020-04-22