Elderwood
Also known as: Elderwood Gang · Beijing Group · Sneaky Panda
Overview
Elderwood is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora. The group has targeted defense organizations, supply chain manufacturers, human rights and nongovernmental organizations (NGOs), and IT service providers.
Targets
Civil society · Private sector
Regions
Australia · Canada · China · Denmark · Hong Kong · India · Switzerland · Taiwan · United Kingdom · United States
Capabilities
- Exploitation of public-facing / client applications — ATT&CK T1203
- Custom malware/implant development — ATT&CK: 9 attributed custom malware families
TTPs — 9 techniques across 4 tactics
Initial Access
- T1189 Drive-by Compromise
- T1566.001 Spearphishing Attachment
- T1566.002 Spearphishing Link
Execution
- T1203 Exploitation for Client Execution
- T1204.001 Malicious Link
- T1204.002 Malicious File
Stealth
- T1027.002 Software Packing
- T1027.013 Encrypted/Encoded File
Command and Control
- T1105 Ingress Tool Transfer
Tools & malware (9)
PoisonIvy · Naid · Briba · Hydraq · Linfo · Nerex · Vasport · Wiarp · Pasam
Reporting (3)
- Stealing US business secrets: Experts ID two huge cyber 'gangs' in China — Clayton, M.
- Elderwood project, who is behind Op. Aurora and ongoing attacks? — Paganini, P.
- The Elderwood Project — O'Gorman, G., and McDonald, G.