APT16

APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. [1]

ID: G0023
Aliases: APT16
Version: 1.0

Alias Descriptions

| Name | Description |
|---|---|
| APT16 | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| PRE-ATT&CK | T1334 | Compromise 3rd party infrastructure to support delivery | APT16 has compromised otherwise legitimate sites as staging servers for second-stage payloads.[1] |
| PRE-ATT&CK | T1272 | Identify business relationships | APT16 spearphished journalists, apparently targeting those interested in contact information for DPP members or politicians.[1] |

Software

| ID | Name | Techniques |
|---|---|---|
| S0064 | ELMER | Commonly Used Port, File and Directory Discovery, Process Discovery, Standard Application Layer Protocol |

References