HenBox (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

HenBox (Back to overview)

This threat actor targets Uighurs—a minority ethnic group located primarily in northwestern China—and devices from Chinese mobile phone manufacturer Xiaomi, for espionage purposes.

Associated Families

apk.carbonsteal apk.doubleagent apk.goldeneagle apk.henbox apk.silkbean

References

2020-06-01 ⋅ Lookout ⋅ Apurva Kumar, Christoph Hebeisen, Kristin Del Rosso
Mobile APT SurveillanceCampaigns Targeting Uyghurs A collection of long-running Android tooling connected to a Chinese mAPT actor
CarbonSteal DoubleAgent GoldenEagle SilkBean

2020-03-02 ⋅ Virus Bulletin ⋅ Alex Hinchliffe
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
HenBox Farseer PlugX Poison Ivy

2019-10-03 ⋅ Palo Alto Networks Unit 42 ⋅ Alex Hinchliffe
PKPLUG: Chinese Cyber Espionage Group Attacking Asia
HenBox Farseer PlugX

2019-01-01 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
HenBox
HenBox

2018-03-13 ⋅ Palo Alto Networks Unit 42 ⋅ Alex Hinchliffe, Jen Miller-Osborn, Mike Harbison, Tom Lancaster
HenBox: The Chickens Come Home to Roost
HenBox

Credits: MISP Project