| SYMBOL | COMMON_NAME | aka. SYNONYMS |
GreenSpot is an APT group believed to operate from Taiwan, active since at least 2007, primarily targeting government, academic, and military entities in China through phishing campaigns. The group frequently targets 163.com, aiming to steal login credentials using deceptive domains, manipulated TLS certificates, and counterfeit interfaces. Their tactics highlight the sophistication of modern credential theft operations, necessitating detection efforts focused on irregular domain registrations and certificate anomalies.
There are currently no families associated with this actor.
| 2025-02-04
⋅
Hunt.io
⋅
GreenSpot APT Targets 163.com Users with Fake Download Pages & Spoofed Domains GreenSpot |
| 2018-12-18
⋅
Antiy
⋅
“GreenSpot”Operations Grow For Many Years GreenSpot |