
HenBox


This threat actor targets Uighurs—a minority ethnic group located primarily in northwestern China—and devices from Chinese mobile phone manufacturer Xiaomi, for espionage purposes.


Associated Families
apk.carbonsteal apk.doubleagent apk.goldeneagle apk.henbox apk.silkbean

References
2020-06 | Lookout | Apurva Kumar, Christoph Hebeisen, Kristin Del Rosso
Mobile APT Surveillance Campaigns Targeting Uyghurs A collection of long-running Android tooling connected to a Chinese mAPT actor
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf (accessed 2020-07-02)
CarbonSteal DoubleAgent GoldenEagle SilkBean
2020-03-02 | Virus Bulletin | Alex Hinchliffe
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/ (accessed 2020-03-02)
HenBox Farseer PlugX Poison Ivy
2019-10-03 | Palo Alto Networks Unit 42 | Alex Hinchliffe
PKPLUG: Chinese Cyber Espionage Group Attacking Asia
https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/ (accessed 2020-01-07)
HenBox Farseer PlugX
2019 | Council on Foreign Relations | Cyber Operations Tracker
HenBox
https://www.cfr.org/interactive/cyber-operations/henbox (accessed 2019-12-20)
HenBox
2018-03-13 | Palo Alto Networks Unit 42 | Alex Hinchliffe, Mike Harbison, Jen Miller-Osborn, Tom Lancaster
HenBox: The Chickens Come Home to Roost
https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/ (accessed 2020-01-09)
HenBox

Credits: MISP Project