← All Threat Actors
Threat Actor Profile

Whitefly

G0107
▲ High Threat
In July 2018, an attack on Singapore’s largest public health organization, SingHealth, resulted in a reported 1.5 million patient records being stolen. Until now, nothing was known about who was responsible for this attack. Symantec researchers have discovered that this attack group, which we call Whitefly, has been operating since at least 2017, has targeted organizations based mostly in Singapore across a wide variety of sectors, and is primarily interested in stealing large amounts of sensitive information.
Origin

Known TTPs

Ingress Tool Transfer
DLL
LSASS Memory
Exploitation for Privilege Escalation
Tool
Command and Scripting Interpreter
Encrypted/Encoded File
Malicious File
Match Legitimate Resource Name or Location

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD