APT17
APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]
ID: G0025
Associated Groups: Deputy Dog
Version: 1.1
Created: 31 May 2017
Last Modified: 13 October 2020
Associated Group Descriptions
Name | Description |
---|---|
Deputy Dog | |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1583.006 | Acquire Infrastructure: Web Services | APT17 has created profile pages in Microsoft TechNet that were used as C2 infrastructure.[1] |
Enterprise | T1585 | Establish Accounts | APT17 has created and cultivated profile pages in Microsoft TechNet. To make profile pages appear more legitimate, APT17 has created biographical sections and posted in forum threads.[1] |