
Shell Crew

aka: Deep Panda, WebMasters, APT 19, KungFu Kittens, Black Vine, Group 13, PinkPanther, Sh3llCr3w, BRONZE FIRESTONE

Adversary group targeting financial, technology, and non-profit organisations.


Associated Families

There are currently no families associated with this actor.


References
2020 | Secureworks | SecureWorks
@comment{Vendor threat profile for the BRONZE FIRESTONE alias listed on this page.}
@online{secureworks:2020:bronze:972c13a,
  author       = {SecureWorks},
  title        = {{BRONZE FIRESTONE}},
  date         = {2020},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/research/threat-profiles/bronze-firestone},
  language     = {English},
  urldate      = {2020-05-23},
}
BRONZE FIRESTONE
9002 RAT Derusbi Empire Downloader PlugX Poison Ivy Shell Crew
2019-05-09 | CyberScoop | Sean Lyngaas
@online{lyngaas:20190509:chinese:90e8320,
  author       = {Lyngaas, Sean},
  title        = {{Chinese national indicted for 2015 Anthem breach}},
  date         = {2019-05-09},
  organization = {CyberScoop},
  url          = {https://www.cyberscoop.com/anthem-breach-indictment-chinese-national/},
  language     = {English},
  urldate      = {2020-01-13},
}
Chinese national indicted for 2015 Anthem breach
Shell Crew
2019 | Council on Foreign Relations | Cyber Operations Tracker
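@comment{Corporate author: the inner braces stop the name being split into given names plus the surname Tracker.}
@online{tracker:2019:deep:a149fef,
  author       = {{Cyber Operations Tracker}},
  title        = {{Deep Panda}},
  date         = {2019},
  organization = {Council on Foreign Relations},
  url          = {https://www.cfr.org/interactive/cyber-operations/deep-panda},
  language     = {English},
  urldate      = {2019-12-20},
}
Deep Panda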
Shell Crew
2019 | MITRE | MITRE ATT&CK
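@comment{Corporate author kept as one unit by the inner braces; the ampersand is escaped so LaTeX does not read it as an alignment tab.}
@online{attck:2019:deep:7220dc2,
  author       = {{MITRE ATT\&CK}},
  title        = {{Group description: Deep Panda}},
  date         = {2019},
  organization = {MITRE},
  url          = {https://attack.mitre.org/groups/G0009/},
  language     = {English},
  urldate      = {2019-12-20},
}
Group description: Deep Panda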
Shell Crew
2018-10-30 | Gizmodo | Dell Cameron
@online{cameron:20181030:us:45da6b7,
  author       = {Cameron, Dell},
  title        = {{U.S. Indicts Chinese Hacker-Spies in Conspiracy to Steal Aerospace Secrets}},
  date         = {2018-10-30},
  organization = {Gizmodo},
  url          = {https://gizmodo.com/u-s-indicts-chinese-hacker-spies-in-conspiracy-to-stea-1830111695},
  language     = {English},
  urldate      = {2019-11-27},
}
U.S. Indicts Chinese Hacker-Spies in Conspiracy to Steal Aerospace Secrets
Shell Crew
2017-08-26 | Bleeping Computer | Catalin Cimpanu
@online{cimpanu:20170826:us:0d7249a,
  author       = {Cimpanu, Catalin},
  title        = {{US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks}},
  date         = {2017-08-26},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/us-arrests-chinese-man-involved-with-sakula-malware-used-in-opm-and-anthem-hacks/},
  language     = {English},
  urldate      = {2019-12-20},
}
US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks
Shell Crew
2017-02-09 | Cylance | The Cylance Threat Research Team
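@comment{Corporate author: the inner braces stop the team name being split into given names plus the surname Team.}
@online{team:20170209:shell:16b5133,
  author       = {{The Cylance Threat Research Team}},
  title        = {{Shell Crew Variants Continue to Fly Under Big AV’s Radar}},
  date         = {2017-02-09},
  organization = {Cylance},
  url          = {https://threatvector.cylance.com/en_us/home/shell-crew-variants-continue-to-fly-under-big-avs-radar.html},
  language     = {English},
  urldate      = {2019-10-14},
}
Shell Crew Variants Continue to Fly Under Big AV’s Radar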
Shell Crew
2015-08-06 | Symantec | Jon DiMaggio
@comment{Same author, title and date as dimaggio:20150806:black:af5cf27; this entry records a different Symantec URL for the report.}
@techreport{dimaggio:20150806:black:b0fbb35,
  author      = {DiMaggio, Jon},
  title       = {{The Black Vine cyberespionage group}},
  date        = {2015-08-06},
  institution = {Symantec},
  url         = {https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/black-vine-cyberespionage-group-15-en.pdf},
  language    = {English},
  urldate     = {2020-04-21},
}
The Black Vine cyberespionage group
Sakula RAT Shell Crew
2015-08-06 | Symantec | Jon DiMaggio
@comment{Same author, title and date as dimaggio:20150806:black:b0fbb35; this entry records a different Symantec URL for the report.}
@techreport{dimaggio:20150806:black:af5cf27,
  author      = {DiMaggio, Jon},
  title       = {{The Black Vine cyberespionage group}},
  date        = {2015-08-06},
  institution = {Symantec},
  url         = {https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf},
  language    = {English},
  urldate     = {2020-01-10},
}
The Black Vine cyberespionage group
Shell Crew
2015-06-15 | KrebsOnSecurity | Brian Krebs
@online{krebs:20150615:catching:d4edaea,
  author       = {Krebs, Brian},
  title        = {{Catching Up on the OPM Breach}},
  date         = {2015-06-15},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/},
  language     = {English},
  urldate      = {2020-01-09},
}
Catching Up on the OPM Breach
Shell Crew
2015-05-15 | Brian Krebs
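@comment{organization added for consistency: the other krebsonsecurity.com entries on this page name KrebsOnSecurity as the publishing site.}
@online{krebs:20150515:carefirst:2847408,
  author       = {Krebs, Brian},
  title        = {{Carefirst Blue Cross Breach Hits 1.1M}},
  date         = {2015-05-15},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2015/05/carefirst-blue-cross-breach-hits-1-1m/},
  language     = {English},
  urldate      = {2020-01-05},
}
Carefirst Blue Cross Breach Hits 1.1M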
Shell Crew
2015-05-10 | NextGov | Aliya Sternstein
@online{sternstein:20150510:thirdparty:c631abb,
  author       = {Sternstein, Aliya},
  title        = {{Third-Party Software Was Entry Point for Background-Check System Hack}},
  date         = {2015-05-10},
  organization = {NextGov},
  url          = {https://www.nextgov.com/cybersecurity/2015/05/third-party-software-was-entry-point-background-check-system-hack/112354/},
  language     = {English},
  urldate      = {2020-01-08},
}
Third-Party Software Was Entry Point for Background-Check System Hack
Shell Crew
2015-03-18 | Seattle Times | Mike Baker
@online{baker:20150318:feds:e9fe961,
  author       = {Baker, Mike},
  title        = {{Feds warned Premera about security flaws before breach}},
  date         = {2015-03-18},
  organization = {Seattle Times},
  url          = {https://www.seattletimes.com/business/local-business/feds-warned-premera-about-security-flaws-before-breach/},
  language     = {English},
  urldate      = {2020-01-10},
}
Feds warned Premera about security flaws before breach
Shell Crew
2015-02-09 | KrebsOnSecurity | Brian Krebs
@online{krebs:20150209:anthem:1631cd7,
  author       = {Krebs, Brian},
  title        = {{Anthem Breach May Have Started in April 2014}},
  date         = {2015-02-09},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/},
  language     = {English},
  urldate      = {2019-11-29},
}
Anthem Breach May Have Started in April 2014
Shell Crew
2014-12-18 | The Washington Post | Christian Davenport
@online{davenport:20141218:keypoint:4c1fd04,
  author       = {Davenport, Christian},
  title        = {{KeyPoint network breach could affect thousands of federal workers}},
  date         = {2014-12-18},
  organization = {The Washington Post},
  url          = {https://www.washingtonpost.com/business/economy/keypoint-suffers-network-breach-thousands-of-fed-workers-could-be-affected/2014/12/18/e6c7146c-86e1-11e4-a702-fa31ff4ae98e_story.html},
  language     = {English},
  urldate      = {2020-01-13},
}
KeyPoint network breach could affect thousands of federal workers
Shell Crew
2014-11-24 | CrowdStrike | Matt Dahl
@online{dahl:20141124:i:38a6ade,
  author       = {Dahl, Matt},
  title        = {{I am Ironman: DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors}},
  date         = {2014-11-24},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/ironman-deep-panda-uses-sakula-malware-target-organizations-multiple-sectors/},
  language     = {English},
  urldate      = {2019-12-20},
}
I am Ironman: DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors
Shell Crew
2014-11-13 | ABC News | Dylan Welch
@online{welch:20141113:chinese:96bcb7c,
  author       = {Welch, Dylan},
  title        = {{Chinese hackers 'breach Australian media organisations' ahead of G20}},
  date         = {2014-11-13},
  organization = {ABC News},
  url          = {https://www.abc.net.au/news/2014-11-13/g20-china-affliliated-hackers-breaches-australian-media/5889442},
  language     = {English},
  urldate      = {2020-01-08},
}
Chinese hackers 'breach Australian media organisations' ahead of G20
Shell Crew
2014-07-07 | CrowdStrike | Dmitri Alperovitch
@online{alperovitch:20140707:deep:63e59f7,
  author       = {Alperovitch, Dmitri},
  title        = {{Deep in Thought: Chinese Targeting of National Security Think Tanks}},
  date         = {2014-07-07},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/deep-thought-chinese-targeting-national-security-think-tanks/},
  language     = {English},
  urldate      = {2019-12-20},
}
Deep in Thought: Chinese Targeting of National Security Think Tanks
Shell Crew
2014-02-24 | RSA Conference | Dmitri Alperovitch
@comment{The url host is docs.huihoo.com rather than an RSA Conference site: treat the PDF as an unofficial copy and check it against the publisher's original where provenance matters.}
@techreport{alperovitch:20140224:art:df5650c,
  author      = {Alperovitch, Dmitri},
  title       = {{The Art of Attribution Identifying and Pursuing your Cyber Adversaries}},
  date        = {2014-02-24},
  institution = {RSA Conference},
  url         = {https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf},
  language    = {English},
  urldate     = {2020-04-06},
}
The Art of Attribution Identifying and Pursuing your Cyber Adversaries
ANDROMEDA SPIDER DEXTOROUS SPIDER Shell Crew Silent Chollima SINGING SPIDER Tonto Team Toxic Panda UNION SPIDER
2013-06 | CrowdStrike | Crowdstrike Global intelliGenCe team
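@comment{Corporate author: the inner braces keep the name whole; unbraced, the lowercase-initial word would be read as a name particle and the last word as the surname. Casing is kept as recorded on the page.}
@comment{The url is plain HTTP on cybercampaigns.net, not a CrowdStrike host: the PDF arrives without transport integrity, so verify it against a publisher copy where provenance matters.}
@techreport{team:201306:deep:fa9b41d,
  author      = {{Crowdstrike Global intelliGenCe team}},
  title       = {{DEEP PANDA}},
  date        = {2013-06},
  institution = {CrowdStrike},
  url         = {http://cybercampaigns.net/wp-content/uploads/2013/06/Deep-Panda.pdf},
  language    = {English},
  urldate     = {2019-12-17},
}
DEEP PANDA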
Shell Crew
2013-05-03 | CrowdStrike | Matt Dahl
@online{dahl:20130503:department:8be1534,
  author       = {Dahl, Matt},
  title        = {{Department of Labor Strategic Web Compromise}},
  date         = {2013-05-03},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/department-labor-strategic-web-compromise/},
  language     = {English},
  urldate      = {2019-12-20},
}
Department of Labor Strategic Web Compromise
Shell Crew
2013-01-02 | Eric Romang
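@comment{organization added for consistency: the other eromang.zataz.com entry on this page names Eric Romang Blog as the publishing site.}
@online{romang:20130102:capstone:468051d,
  author       = {Romang, Eric},
  title        = {{Capstone Turbine Corporation Also Targeted in the CFR Watering Hole Attack And More}},
  date         = {2013-01-02},
  organization = {Eric Romang Blog},
  url          = {https://eromang.zataz.com/2013/01/02/capstone-turbine-corporation-also-targeted-in-the-cfr-watering-hole-attack-and-more/},
  language     = {English},
  urldate      = {2020-01-08},
}
Capstone Turbine Corporation Also Targeted in the CFR Watering Hole Attack And More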
Shell Crew
2012-12-29 | Eric Romang Blog | Eric Romang
@online{romang:20121229:attack:2826780,
  author       = {Romang, Eric},
  title        = {{Attack and IE 0day Informations Used Against Council on Foreign Relations}},
  date         = {2012-12-29},
  organization = {Eric Romang Blog},
  url          = {https://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/},
  language     = {English},
  urldate      = {2020-01-08},
}
Attack and IE 0day Informations Used Against Council on Foreign Relations
Shell Crew

Credits: MISP Project