Security is Everyone's Job


APT-C-39 is a name given to a hacking group that is allegedly affiliated with the Central Intelligence Agency (CIA) of the United States

The group has been active since at least 2011 and has used a range of backdoor Trojans and zero-day vulnerabilities to compromise its targets

The group’s targets include China’s critical industries, such as aviation, scientific research, petroleum, internet, and government agencies

The group has conducted cyber-espionage operations against these targets for 11 years, from 2008 to 2019

Attack methods

The group’s attack methods include using CIA-exclusive cyber weapons, such as Fluxwire and Grasshopper, to deliver malware and exfiltrate data

The group also uses various tools to steal credentials, clipboard data, files, and registry keys from the compromised hosts

The group communicates with its command and control (C2) servers using HTTP, DNS, and other application layer protocols


Some of the aliases of APT-C-39 are Longhorn, Lamberts, the Lamberts, ITG07, Chafer, Remix Kitten, and PLATINUM TERMINAL