APT 12 is a cyber espionage group that has been attributed to China.
The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments
APT 12 is also know as, IXESHE, DynCalc, Numbered Panda, DNSCALC, Group G0005.
History
APT 12 was first publicly reported by Mandiant in 2013, who linked the group to the Chinese People’s Liberation Army (PLA)
APT 12’s targets are consistent with larger People’s Republic of China (PRC) goals. Intrusions and campaigns conducted by this group are in-line with PRC goals and self-interest in Taiwan
APT 12 has used multiple malware families and techniques to compromise and maintain access to their victims’ networks, such as HTRAN, Ixeshe, Riptide, and DNS Calculation
APT 12 has exploited multiple vulnerabilities for execution, such as Microsoft Office vulnerabilities (CVE-2009-3129, CVE-2012-0158) and vulnerabilities in Adobe Reader and Flash (CVE-2009-4324, CVE-2009-0927, CVE-2011-0609, CVE-2011-0611)
APT 12 has also used blogs and WordPress for command and control (C2) infrastructure