Groups are activity clusters that are tracked by a common name in the security community. Analysts track these clusters using various analytic methodologies and terms such as threat groups, activity groups, and threat actors. Some groups have multiple names associated with similar activities due to various organizations tracking similar activities by different names. Organizations' group definitions may partially overlap with groups designated by other organizations and may disagree on specific activity.

For the purposes of the Group pages, the MITRE ATT&CK team uses the term Group to refer to any of the above designations for an adversary activity cluster. The team makes a best effort to track overlaps between names based on publicly reported associations, which are designated as “Associated Groups” on each page (formerly labeled “Aliases”), because we believe these overlaps are useful for analyst awareness. We do not represent these names as exact overlaps and encourage analysts to do additional research.

Groups are mapped to publicly reported technique use and original references are included. The information provided does not represent all possible technique use by Groups, but rather a subset that is available solely through open source reporting. Groups are also mapped to reported Software used and attributed Campaigns, and related techniques for each are tracked separately on their respective pages.

Associated is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public backdoors.