APT-C-34

aka: Golden Falcon

As reported by ZDNet, Chinese cyber-security vendor Qihoo 360 published a report on 2019-11-29 exposing an extensive hacking operation targeting the country of Kazakhstan. Targets included individuals and organizations from all walks of life, such as government agencies, military personnel, foreign diplomats, researchers, journalists, private companies, the educational sector, religious figures, and government dissidents. The campaign, Qihoo 360 said, was broad and appears to have been carried out by a threat actor with considerable resources, one with the ability to develop its own private hacking tools, buy expensive spyware off the surveillance market, and even invest in radio communications interception hardware.


Associated Families
win.rcs

References
2020-07-21 | Vice | Lorenzo Franceschi-Bicchierai
@online{franceschibicchierai:20200721:worlds:666e813, author = {Lorenzo Franceschi-Bicchierai}, title = {{'World's Most Wanted Man' Involved in Bizarre Attempt to Buy Hacking Tools}}, date = {2020-07-21}, organization = {Vice}, url = {https://www.vice.com/en_us/article/jgxvdx/jan-marsalek-wirecard-bizarre-attempt-to-buy-hacking-team-spyware}, language = {English}, urldate = {2020-07-30} } 'World's Most Wanted Man' Involved in Bizarre Attempt to Buy Hacking Tools
RCS
2020-01-31 | Virus Bulletin | Michal Poslušný, Peter Kálnai
@online{poslun:20200131:rich:c25f156, author = {Michal Poslušný and Peter Kálnai}, title = {{Rich Headers: leveraging this mysterious artifact of the PE format}}, date = {2020-01-31}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/}, language = {English}, urldate = {2020-02-03} } Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2019-11-23 | ZDNet | Catalin Cimpanu
@online{cimpanu:20191123:extensive:4db6fce, author = {Catalin Cimpanu}, title = {{Extensive hacking operation discovered in Kazakhstan}}, date = {2019-11-23}, organization = {ZDNet}, url = {https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/}, language = {English}, urldate = {2020-01-08} } Extensive hacking operation discovered in Kazakhstan
APT-C-34
2019-11-20 | 360 | admin001
@online{admin001:20191120:shadow:49b26ff, author = {admin001}, title = {{Shadow of the Circle Hovering Over Central Asia - The Golden Eagle (APT-C-34) Organizing Attack Revealed}}, date = {2019-11-20}, organization = {360}, url = {http://blogs.360.cn/post/APT-C-34_Golden_Falcon.html}, language = {English}, urldate = {2020-01-10} } Shadow of the Circle Hovering Over Central Asia - The Golden Eagle (APT-C-34) Organizing Attack Revealed
RCS APT-C-34
2019-01 | Virus Bulletin | Filip Kafka
@online{kafka:201901:vb2018:7d81852, author = {Filip Kafka}, title = {{VB2018 paper: From Hacking Team to hacked team to...?}}, date = {2019-01}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2019/01/vb2018-paper-hacking-team-hacked-team/}, language = {English}, urldate = {2020-01-13} } VB2018 paper: From Hacking Team to hacked team to...?
RCS
2018-03-09 | ESET Research | Filip Kafka
@online{kafka:20180309:new:9d79d4b, author = {Filip Kafka}, title = {{New traces of Hacking Team in the wild}}, date = {2018-03-09}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/}, language = {English}, urldate = {2019-11-14} } New traces of Hacking Team in the wild
RCS Hacking Team
2017-04 | F-Secure | F-Secure Labs
@techreport{labs:201704:callisto:5e97cb4, author = {F-Secure Labs}, title = {{CALLISTO GROUP}}, date = {2017-04}, institution = {F-Secure}, url = {https://www.f-secure.com/content/dam/f-secure/en/labs/whitepapers/Callisto_Group.pdf}, language = {English}, urldate = {2022-03-31} } CALLISTO GROUP
RCS Callisto
2012-12-07 | Contagiodump Blog | Mila Parkour
@online{parkour:20121207:aug:d59b277, author = {Mila Parkour}, title = {{Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT}}, date = {2012-12-07}, organization = {Contagiodump Blog}, url = {http://contagiodump.blogspot.com/2012/12/aug-2012-w32crisis-and-osxcrisis-jar.html}, language = {English}, urldate = {2019-12-20} } Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT
Crisis RCS
2012-08-20 | Symantec | Takashi Katsuki
@online{katsuki:20120820:crisis:60cb26b, author = {Takashi Katsuki}, title = {{Crisis for Windows Sneaks onto Virtual Machines}}, date = {2012-08-20}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines}, language = {English}, urldate = {2020-01-10} } Crisis for Windows Sneaks onto Virtual Machines
Crisis RCS
2012-07-24 | The Mac Security Blog | Lysa Myers
@online{myers:20120724:new:2dbd887, author = {Lysa Myers}, title = {{New Apple Mac Trojan Called OSX/Crisis Discovered}}, date = {2012-07-24}, organization = {The Mac Security Blog}, url = {https://www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/?}, language = {English}, urldate = {2020-01-09} } New Apple Mac Trojan Called OSX/Crisis Discovered
Crisis RCS

Credits: MISP Project