APT-C-12

aka: Sapphire Mushroom, Blue Mushroom, NuclearCrisis

According to 360 TIC, the actor has carried out continuous cyber espionage activities since 2011 on key units and departments of the Chinese government, military industry, scientific research, and finance. The organization focuses on information related to the nuclear industry and scientific research. The targets were mainly concentrated in mainland China...[M]ore than 670 malware samples have been collected from the group, including more than 60 malicious plugins specifically for lateral movement; more than 40 C2 domain names and IPs related to the organization have also been discovered.

Associated Families

2020-02-10, Bit of Hex Blog, Matt
Suspected Sapphire Mushroom (APT-C-12) malicious LNK files
Unidentified PS 001 APT-C-12
2018-07-12, 360 Threat Intelligence, 360
Blue Pork Mushroom (APT-C-12) targeted attack technical details revealed (in Chinese)

Credits: MISP Project