ATK234

Presumed Origin: China < Back

Alias: SPIRAL

ATK234 is a Chinese state sponsored hacker group. Their latest SUPERNOVA attack was discovered at the same time as the Russian SUNBURST on SOLARWINDS 'ORION platform. Although this attack is less sophisticated than that of the Russians and went under the radar. It is nonetheless important. The Chinese group had already seen these techniques used against ZOHO MAIL

REFERENCES

- 08/03/2021, Dell Secureworks, SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group, https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group

Target sector

Government and administration agencies
Information Technology

Target countries

United States Of America

Attack pattern

T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1036 - Masquerading
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1195 - Supply Chain Compromise
T1543.003 - Windows Service
T1553 - Subvert Trust Controls
T1568.002 - Domain Generation Algorithms

Motivation

Malwares

SUPERNOVA

ATK234

Target sector

Target countries

Attack pattern

Motivation

Malwares

Vulnerabilities

Would you like a customized presentation?

ATK234

Description

Target sector

Target countries

Attack pattern

Motivation

Malwares

Vulnerabilities