Group: Elderwood, Elderwood Gang, ...

Group
ID G0066
Aliases Elderwood, Elderwood Gang, Beijing Group, Sneaky Panda
Contributors Valerii Marchuk, Cybersecurity Help s.r.o.

Elderwood is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora.[1] The group has targeted defense organizations, supply chain manufacturers, human rights and nongovernmental organizations (NGOs), and IT service providers.[2][3]

Alias Descriptions

  • Elderwood [1][2][3]
  • Elderwood Gang [2][3]
  • Beijing Group [3]
  • Sneaky Panda [3]

Techniques Used

  • Drive-by Compromise - Elderwood has delivered zero-day exploits and malware to victims by injecting malicious code into specific public Web pages visited by targets within a particular sector.[1][2][3]
  • Spearphishing Attachment - Elderwood has delivered zero-day exploits and malware to victims via targeted emails containing malicious attachments.[2][3]
  • Spearphishing Link - Elderwood has delivered zero-day exploits and malware to victims via targeted emails containing a link to malicious content hosted on an uncommon Web server.[2][3]
  • Software Packing - Elderwood has packed malware payloads before delivery to victims.[2]
  • Remote File Copy - The Ritsol backdoor trojan used by Elderwood can download files onto a compromised host from a remote location.[4]
  • Exploitation for Client Execution - Elderwood has exploited vulnerabilities in endpoint software, including Microsoft Internet Explorer and Adobe Flash, to gain execution. They have also used zero-day exploits.[2]
  • User Execution - Elderwood has leveraged multiple types of spearphishing in order to attempt to get a user to open links and attachments.[2][3]

Software