

APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. [1]

ID: G0023
Version: 1.0
Created: 31 May 2017
Last Modified: 22 March 2019

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| PRE-ATT&CK | T1334 | Compromise 3rd party infrastructure to support delivery | APT16 has compromised otherwise legitimate sites as staging servers for second-stage payloads.[1] |
| PRE-ATT&CK | T1272 | Identify business relationships | APT16 spearphished journalists, apparently targeting those interested in contact information for DPP members or politicians.[1] |


| ID | Name | References | Techniques |
|---|---|---|---|
| S0064 | ELMER | [1] | Commonly Used Port, File and Directory Discovery, Process Discovery, Standard Application Layer Protocol |