| SYMBOL | COMMON_NAME | aka. SYNONYMS |
China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public backdoors. This threat actor targets prodemocratic activists and organizations in Hong Kong, European and international financial institutions, and a U.S.-based think tank.
| 2021-03-17 ⋅ Recorded Future ⋅ China-linked TA428 Continues to Target Russia and Mongolia IT Companies PlugX Poison Ivy |
| 2021-02-01 ⋅ ESET Research ⋅ Operation NightScout: Supply‑chain attack targets online gaming in Asia Ghost RAT NoxPlayer Poison Ivy |
| 2021-01-15 ⋅ Swisscom ⋅ Cracking a Soft Cell is Harder Than You Think Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT |
| 2021-01-08 ⋅ Youtube (Virus Bulletin) ⋅ Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger |
| 2020-10-01 ⋅ US-CERT ⋅ Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions CHINACHOPPER Cobalt Strike Empire Downloader MimiKatz Poison Ivy |
| 2020-09-30 ⋅ NTT Security ⋅ Operation LagTime IT: colourful Panda footprint (Slides) Cotx RAT nccTrojan Poison Ivy Tmanger |
| 2020-09-30 ⋅ NTT Security ⋅ Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger |
| 2020-09-16 ⋅ RiskIQ ⋅ RiskIQ: Adventures in Cookie Land - Part 2 8.t Dropper Chinoxy Poison Ivy |
| 2020-03-12 ⋅ Check Point ⋅ Vicious Panda: The COVID Campaign 8.t Dropper BYEBY Enfal Korlia Poison Ivy |
| 2020-03-02 ⋅ Virus Bulletin ⋅ Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary HenBox Farseer PlugX Poison Ivy |
| 2020-01-29 ⋅ nao_sec blog ⋅ An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
| 2020-01-09 ⋅ Lab52 ⋅ TA428 Group abusing recent conflict between Iran and USA Poison Ivy |
| 2020 ⋅ Secureworks ⋅ BRONZE UNION 9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell LuckyMouse |
| 2020 ⋅ Secureworks ⋅ BRONZE KEYSTONE 9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell Aurora Panda |
| 2020 ⋅ Secureworks ⋅ ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
| 2020 ⋅ Secureworks ⋅ BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves Stone Panda |
| 2020 ⋅ Secureworks ⋅ BRONZE FIRESTONE 9002 RAT Derusbi Empire Downloader PlugX Poison Ivy Shell Crew |
| 2019-11-19 ⋅ FireEye ⋅ Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
| 2019-08-12 ⋅ Kindred Security ⋅ An Overview of Public Platform C2’s HTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT |
| 2019-07-23 ⋅ Proofpoint ⋅ Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT Poison Ivy TA428 |
| 2019-06-25 ⋅ Cybereason ⋅ OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS MimiKatz Poison Ivy Operation Soft Cell |
| 2019 ⋅ MITRE ⋅ Group description: admin@338 Temper Panda |
| 2019 ⋅ Council on Foreign Relations ⋅ admin@338 Temper Panda |
| 2019 ⋅ MITRE ⋅ Tool description: BUBBLEWRAP BUBBLEWRAP |
| 2019 ⋅ Virus Bulletin ⋅ A vine climbing over the Great Firewall: A long-term attack against China Poison Ivy ZXShell |
| 2018-09-21 ⋅ Qihoo 360 Technology ⋅ Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment Poison Ivy |
| 2018-05-15 ⋅ BSides Detroit ⋅ IR in Heterogeneous Environment Korlia Poison Ivy |
| 2017-09-15 ⋅ Fortinet ⋅ Deep Analysis of New Poison Ivy/PlugX Variant - Part II Poison Ivy |
| 2017-08-31 ⋅ NCC Group ⋅ Analysing a recent Poison Ivy sample Poison Ivy |
| 2017-08-23 ⋅ Fortinet ⋅ Deep Analysis of New Poison Ivy Variant Poison Ivy |
| 2016-11-22 ⋅ Palo Alto Networks Unit 42 ⋅ Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy Poison Ivy |
| 2016-04-26 ⋅ Github (CyberMonitor) ⋅ New Poison Ivy Activity Targeting Myanmar, Asian Countries Poison Ivy |
| 2016-04-22 ⋅ Palo Alto Networks Unit 42 ⋅ New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists Poison Ivy |
| 2016-03-25 ⋅ Palo Alto Networks Unit 42 ⋅ ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe Bozok Operation C-Major |
| 2015-12-01 ⋅ FireEye ⋅ China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets BUBBLEWRAP LOWBALL Temper Panda |
| 2015-02-06 ⋅ CrowdStrike ⋅ CrowdStrike Global Threat Intel Report 2014 BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor |
| 2014-09-19 ⋅ Palo Alto Networks Unit 42 ⋅ Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy Poison Ivy |
| 2013-10-31 ⋅ FireEye ⋅ Know Your Enemy: Tracking A Rapidly Evolving APT Actor Bozok Poison Ivy Temper Panda |
| 2013-08-23 ⋅ FireEye ⋅ Operation Molerats: Middle East Cyber Attacks Using Poison Ivy Poison Ivy Molerats |
| 2011 ⋅ Symantec ⋅ The Nitro Attacks: Stealing Secrets from the Chemical Industry Poison Ivy Nitro |