← All Threat Actors
Threat Actor Profile

APT3

BORON Boyusec Brocade Typhoon BRONZE MAYFAIR Buckeye G0022 GOTHIC PANDA Group 6 Pirpi Red Sylvan TG-0110 Threat Group-0110 UPS UPS Team
▲ High Threat
Symantec described UPS in 2016 report as: 'Buckeye (also known as APT3, Gothic Panda, UPS Team, and TG-0110) is a cyberespionage group that is believed to have been operating for well over half a decade. Traditionally, the group attacked organizations in the US as well as other targets. However, Buckeyes focus appears to have changed as of June 2015, when the group began compromising political entities in Hong Kong.'
Origin China
Sponsor China
Motivation Espionage

Target Sectors

Private sector Political party

Known TTPs

Scheduled Task
Multi-Stage Channels
Password Cracking
Hidden Window
Credentials from Web Browsers
Windows Command Shell
System Network Configuration Discovery
System Network Connections Discovery
External Proxy
Rundll32
Obfuscated Files or Information
Spearphishing Link
Additional Local or Domain Groups
Malicious Link
Exfiltration Over C2 Channel
Credentials In Files
Local Data Staging
Domain Accounts
Data from Local System
Exploitation for Client Execution
SMB/Windows Admin Shares
DLL
Local Account
File Deletion
File and Directory Discovery
Accessibility Features
Archive via Utility
System Information Discovery
PowerShell
Windows Service
LSASS Memory
Registry Run Keys / Startup Folder
Remote Desktop Protocol
Process Discovery
Non-Application Layer Protocol
Permission Groups Discovery
Remote System Discovery
Keylogging
Masquerade Account Name
Software Packing
Local Account
Ingress Tool Transfer
System Owner/User Discovery
Indicator Removal from Tools

External Resources

CISA Advisories ↗

Related Intelligence


LINK COPIED TO CLIPBOARD