APT-C-39 is a name given to a hacking group that is allegedly affiliated with the Central Intelligence Agency (CIA) of the United States.
The group has been active since at least 2011 and has used a range of backdoor Trojans and zero-day vulnerabilities to compromise its targets.
The group’s targets include China’s critical industries, such as aviation, scientific research, petroleum, internet, and government agencies.
The group has conducted cyber-espionage operations against these targets for 11 years, from 2008 to 2019.
Attack methods
The group’s attack methods include using CIA-exclusive cyber weapons, such as Fluxwire and Grasshopper, to deliver malware and exfiltrate data.
The group also uses various tools to steal credentials, clipboard data, files, and registry keys from the compromised hosts.
The group communicates with its command and control (C2) servers using HTTP, DNS, and other application-layer protocols.
Aliases
Some of the aliases of APT-C-39 are Longhorn, Lamberts, the Lamberts, ITG07, Chafer, Remix Kitten, and PLATINUM TERMINAL.