Group: Suckfly

From ATT&CK
Suckfly (Group)
ID: G0039
Aliases: Suckfly

Suckfly is a China-based threat group that has been active since at least 2014.[1]

Techniques Used

  • Code Signing - Suckfly has used stolen certificates to sign its malware.[1]
  • Credential Dumping - Suckfly used a signed credential-dumping tool to obtain victim account credentials.[2]
  • Legitimate Credentials - Suckfly used the legitimate account credentials it had dumped to navigate the internal victim network as though it were the legitimate account owner.[2]

Software