← All Threat Actors
Threat Actor Profile

CL-UNK-1068

No known aliases in database
▲ High Threat
Multi-year Asian Critical Infrastructure Espionage, Silver Fox APT Spear-phishing Campaign
Origin China
Sponsor Chinese Government (Nation-state)
Motivation cyberespionage

Target Sectors

Aviation Energy Government Law Enforcement Pharmaceutical Technology Telecommunications

Known TTPs

Web shell deployment (GodZilla, AntSword)
DLL side-loading (abusing python.exe with python20.dll)
Custom Go-based network scanning (ScanPortPlus)
Linux-specific backdoor deployment (Xnote)
Modified Fast Reverse Proxy (FRP) for persistence
Credential theft using Mimikatz, LsaRecorder, DumpIt, and Volatility
Stealthy data exfiltration (WinRAR compression, Base64 encoding, and terminal printing)
Living-off-the-land binaries (LOLBINs)
Spear-phishing with malicious attachments and links (ABCDoor, ValleyRAT)

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD