Chinese APT Analysis “APT30”

APT30 is a China-based, well-organized, state-sanctioned cyber espionage operation. The group is best known for its decade-long use of the same sets of tools and tactics. Its main objective is the acquisition of private government information relating to socio- and geopolitical influence, conducted through long-duration cyber espionage campaigns. APT30’s targets predominantly consist of organizations that satisfy its own governmental requirements for intelligence gathering. Some of the earliest domain registrations and malware compilation times date as far back as 2004, with its associated use of C2 server domains dating back to 2005.

Putter Panda Cyber Threat Intelligence Card

Report by Miguel Bigueur and Daniel Bradley

Executive Summary

Putter Panda is a criminal hacker organization based out of China that has been linked to numerous cyber espionage events against American and European governments and corporations. They are linked to China’s shadow army known as Unit 61486 of the 12th Bureau of the People’s Liberation Army’s 3rd General Staff Department.

Putter Panda is accused of launching Advanced Persistent Threat (APT)-style espionage campaigns against American- and European-based space and defense companies. The group’s primary motivation is economic advancement and accelerating time to market for knock-off technologies[1].