Whitefly, Mofang
Description
(Fox-IT) Mofang is a threat actor that almost certainly operates out of China and is probably government-affiliated. It is highly likely that Mofang’s targets are selected based on involvement with investments, or technological advances that could be perceived as a threat to the Chinese sphere of influence. This is most clearly the case in a campaign focusing on government and critical infrastructure of Myanmar that is described in this report. Chances are about even, though, that Mofang is a relevant threat actor to any organization that invests in Myanmar or is otherwise politically involved. In addition to the campaign in Myanmar, Mofang has been observed to attack targets across multiple sectors (government, military, critical infrastructure and the automotive and weapon industries) in multiple countries.
Names
Name | Name-Giver |
---|---|
Whitefly | Symantec |
Mofang | Fox-IT |
TEMP.Mimic | FireEye |
Bronze Walker | SecureWorks |
ATK 83 | Thales |
SectorM04 | ThreatRecon |
Superman | ? |
Country
Motivation
- Information theft and espionage
First Seen
2012
Observed Sectors
- Automotive
- Critical infrastructure
- Defense
- Engineering
- Government
- Healthcare
- Media
- Telecommunications
- Weapon industries
Observed Countries
Tools
Operations
- 2018-07: Breach of SingHealth https://www.reuters.com/article/us-singapore-cyberattack/cyberattack-on-singapore-health-database-steals-details-of-1-5-million-including-pm-idUSKBN1KA14J https://redalert.nshc.net/2019/03/19/sectorm04-targeting-singapore-custom-malware-analysis/
Information
- https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf
- https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore
Mitre Attack
Other Information
Uuid
59308a4a-3c7b-4589-87e5-0c4d0d19274e
Last Card Change
2022-12-30