Sciextor

APT 3

APT 3 is a China-based threat group that researchers have attributed to China’s Ministry of State Security

This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap

APT 3 has been active since at least 2010 and has targeted a variety of sectors, including defense, aerospace, energy, telecommunications, and media

APT 3 uses a range of techniques to infiltrate networks, such as spear-phishing, web shells, backdoors, and zero-day exploits

Some of the malware associated with APT 3 are BEMOTH, BUBBLEWRAP, GEMINI DUNER, and PIRPI

APT 3 is considered to be one of the most advanced and persistent threat actors in the cyber domain.

Keynotes

• APT 3 is also known as Gothic Panda, Pirpi, UPS Team, Buckeye, Threat Group-0110, and TG-0110
• APT 3 is believed to be sponsored by China’s Ministry of State Security, which is the main intelligence and security agency of China
• APT 3 has been active since at least 2010 and has targeted a variety of sectors, including defense, aerospace, energy, telecommunications, and media. It has also targeted political organizations in Hong Kong since 2015
• APT 3 is known for using zero-day exploits to compromise vulnerable systems. For example, it exploited the Adobe Flash Player vulnerability CVE-2015-3113 and Internet Explorer vulnerability CVE-2014-17761. It also used the Equation Group’s tools, such as Bemstour and DoublePulsar, before they were leaked by the Shadow Brokers in 2017
• APT 3 uses a range of malware to maintain persistence and exfiltrate data from the victims’ networks. Some of the malware associated with APT 3 are BEMOTH, BUBBLEWRAP, GEMINI DUNER, and PIRPI. These malware can communicate with the command and control servers using various protocols, such as HTTP, HTTPS, DNS, and SMTP
• APT 3 is considered to be one of the most advanced and persistent threat actors in the cyber domain. It has demonstrated a high level of technical sophistication and operational flexibility. It has also shown an ability to adapt to changing environments and evade detection by security products