Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!
GROUPS
  1. Home
  2. Groups
  3. APT30

APT30

APT30 is a threat group suspected to be associated with the Chinese government. [1] While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. [2]

ID: G0013
Aliases: APT30
Version: 1.0

Alias Descriptions

NameDescription
APT30[1] [2]

Software

IDNameTechniques
S0031BACKSPACECommand-Line Interface, Connection Proxy, Data Obfuscation, Disabling Security Tools, Exfiltration Over Command and Control Channel, File and Directory Discovery, Modify Registry, Multi-Stage Channels, Process Discovery, Query Registry, Registry Run Keys / Startup Folder, Shortcut Modification, Standard Application Layer Protocol, System Information Discovery
S0036FLASHFLOODData Encrypted, Data from Local System, Data from Removable Media, Data Staged, File and Directory Discovery, Registry Run Keys / Startup Folder
S0034NETEAGLECommand-Line Interface, Custom Command and Control Protocol, Exfiltration Over Command and Control Channel, Fallback Channels, File and Directory Discovery, Process Discovery, Registry Run Keys / Startup Folder, Standard Application Layer Protocol, Standard Cryptographic Protocol, Standard Non-Application Layer Protocol
S0028SHIPSHAPERegistry Run Keys / Startup Folder, Replication Through Removable Media, Shortcut Modification
S0035SPACESHIPData Encrypted, Data Staged, Exfiltration Over Physical Medium, File and Directory Discovery, Registry Run Keys / Startup Folder, Shortcut Modification

References

  1. FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.
  1. Baumgartner, K., Golovkin, M.. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.