APT-C-34 (Threat Actor)

APT-C-34 (Back to overview)

aka: Golden Falcon

As reported by ZDNet, Chinese cyber-security vendor Qihoo 360 published a report on 2019-11-29 exposing an extensive hacking operation targeting the country of Kazakhstan. Targets included individuals and organizations involving all walks of life, such as government agencies, military personnel, foreign diplomats, researchers, journalists, private companies, the educational sector, religious figures, government dissidents, and foreign diplomats alike. The campaign, Qihoo 360 said, was broad, and appears to have been carried by a threat actor with considerable resources, and one who had the ability to develop their private hacking tools, buy expensive spyware off the surveillance market, and even invest in radio communications interception hardware.

Associated Families

win.rcs

References

2024-01-18 ⋅ Google ⋅ Google Threat Analysis Group, Wesley Shields
Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
RCS SPICA

2020-07-21 ⋅ Vice ⋅ Lorenzo Franceschi-Bicchierai
'World's Most Wanted Man' Involved in Bizarre Attempt to Buy Hacking Tools
RCS

2020-01-31 ⋅ Virus Bulletin ⋅ Michal Poslušný, Peter Kálnai
Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot

2019-11-23 ⋅ ZDNet ⋅ Catalin Cimpanu
Extensive hacking operation discovered in Kazakhstan
APT-C-34

2019-11-20 ⋅ 360 ⋅ admin001
Shadow of the Circle Hovering Over Central Asia - The Golden Eagle (APT-C-34) Organizing Attack Revealed
RCS APT-C-34

2019-01-01 ⋅ Virus Bulletin ⋅ Filip Kafka
VB2018 paper: From Hacking Team to hacked team to...?
RCS

2018-03-09 ⋅ ESET Research ⋅ Filip Kafka
New traces of Hacking Team in the wild
RCS Hacking Team

2017-08-25 ⋅ Kaspersky Labs ⋅ Costin Raiu, Juan Andrés Guerrero-Saade
Walking in your Enemy's Shadow: When Fourth-Party Collection becomes Attribution Hell
NetTraveler RCS WannaCryptor Dancing Salome

2017-04-01 ⋅ F-Secure ⋅ F-Secure Labs
CALLISTO GROUP
RCS Callisto

2012-12-07 ⋅ Contagiodump Blog ⋅ Mila Parkour
Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT
Crisis RCS

2012-08-20 ⋅ Symantec ⋅ Takashi Katsuki
Crisis for Windows Sneaks onto Virtual Machines
Crisis RCS

2012-07-24 ⋅ The Mac Security Blog ⋅ Lysa Myers
New Apple Mac Trojan Called OSX/Crisis Discovered
Crisis RCS

Credits: MISP Project