APT REPORTS

MahaPlant Group

MahaPlant Group

      I.            Overview The MahaPlant Group (APT-C-09), also known as Hangover, VICEROY TIGER, the Dropping Elephant, PatchWork, is a South Asia-based cyber-espionage group which has been active for 7 years. The group was first unveiled by Norman in 2013. Afterwards, other security vendors also monitored the group’s activities closely and published reports uncovering theirRead more about MahaPlant Group[…]

Sphinx (APT-C-15)

Sphinx (APT-C-15)

1.   Overview Operation Sphinx is a cyber-espionage activity in the Middle East. The main victims are political and military organizations in Egypt, Israel and possibly other countries. Sensitive data theft is what the attackers plotted for during the period from June, 2014 to November, 2015 when the activity was in its prime. We encountered someRead more about Sphinx (APT-C-15)[…]

Operation Mermaid

Operation Mermaid

Operation Mermaid is a series of cyber-attacks targeting government entities. The cyber-espionage campaign lasted for 6 years which has been approved to be associated with the attack on Denmark Embassy. 1.   Overview Operation Mermaid is a series of outbound APT attacks that target government entities. It has been active for 6 years since April, 2010Read more about Operation Mermaid[…]

OceanLotus (APT-C-00)

OceanLotus (APT-C-00)

Abstract Since April 2012, a hacker group performed an organized, well planned, targeted, long-term and persistent campaign against relevant important organizations of Chinese government, research institutes, maritime agencies, marine construction and shipping companies, etc. We named the responsible group as OceanLotus. OceanLotus planted sophisticated trojans to the target organizations within Chinese territory through spear phishing andRead more about OceanLotus (APT-C-00)[…]