APT 31

APT 31 is a cyber espionage group that is believed to operate on behalf of the Chinese government and state-owned enterprises.

The group has been active since at least 2017 and has targeted organizations and individuals in various sectors and regions, such as aerospace, defense, government, media, technology, and international affairs.

Attack types

SOGU, LUCKYBIRD, SLOWGYRO, and DUCKFAT: These are Python-based implants that can perform various functions, such as file transfer, command execution, credential theft, and data exfiltration.

PlugX: This is a remote access trojan (RAT) that can perform various malicious activities, such as file manipulation, process injection, keylogging, and screen capture.

TONESHELL: This is a custom shellcode loader that can execute encrypted payloads in memory.

C4: This is a tool that can open a Windows Command Shell on a remote host.