SYMBOL | COMMON_NAME | aka. SYNONYMS |
Throughout 2019, multiple companies in the Taiwan high-tech ecosystem were victims of an advanced persistent threat (APT) attack. Due to these APT attacks having similar behavior profiles (similar adversarial techniques, tactics, and procedures or TTP) with each other and previously documented cyberattacks, CyCraft assess with high confidence these new attacks were conducted by the same foreign threat actor. During their investigation, they dubbed this threat actor Chimera. “Chimera” stands for the synthesis of hacker tools that they’ve seen the group use, such as the skeleton key malware that contained code extracted from both Dumpert and Mimikatz — hence Chimera. Their operation — the entirety of the new attacks utilizing the Skeleton Key attack (described below) from late 2018 to late 2019, CyCraft have dubbed Operation Skeleton Key.
There are currently no families associated with this actor.
2020-08-06 ⋅ Wired ⋅ Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry Cobalt Strike MimiKatz Winnti Operation Skeleton Key |
2020-08-04 ⋅ BlackHat ⋅ Operation Chimera - APT Operation Targets Semiconductor Vendors Cobalt Strike MimiKatz Winnti Operation Skeleton Key |
2020-04-16 ⋅ Medium CyCraft ⋅ Taiwan High-Tech Ecosystem Targeted by Foreign APT Group: Digital Skeleton Key Bypasses Security Measures Cobalt Strike MimiKatz Operation Skeleton Key |
2020-04-15 ⋅ CyCraft ⋅ APT Group Chimera - APT Operation Skeleton Key Targets Taiwan Semiconductor Vendors Operation Skeleton Key |