🇨🇳

Fishing Elephant

APT Group Information theft and espionage ETDA ✓

Also Known As 1 names

Outrider Tiger

Target Countries 9

Countries highlighted in red

Bangladesh China Germany Indonesia Sri Lanka Nepal Pakistan Turkey Ukraine

Sectors Targeted

Government

Details

Origin 🇨🇳 CN

Last Updated 26 Sep 2024

MITRE ATT&CK 26

T1027 - Obfuscated Files or Information T1036 - Masquerading T1055 - Process Injection T1059 - Command and Scripting Interpreter T1059.003 T1071 - Application Layer Protocol T1071.001 T1090 - Proxy T1102 - Web Service T1132 - Data Encoding T1134 - Access Token Manipulation T1140 - Deobfuscate/Decode Files or Information T1189 - Drive-by Compromise T1204 - User Execution T1218 - Signed Binary Proxy Execution T1219 - Remote Access Software T1496 T1547.001 - Registry Run Keys / Startup Folder T1557 - Man-in-the-Middle T1566 - Phishing T1566.001 T1573 - Encrypted Channel T1574 - Hijack Execution Flow T1584 - Compromise Infrastructure T1585 - Establish Accounts T1586 - Compromise Accounts

Related Zero-Days

No zero-day CVE linked to this actor

Known Names 1 entries

Fishing Elephant Kaspersky

Observed Target Countries 5

Based on ETDA data — countries highlighted in red

Bangladesh China Pakistan Turkey Ukraine

Description

(Kaspersky) During the last months of 2019, we observed an ongoing campaign conducted by Fishing Elephant. The group continues to use both Heroku and Dropbox in order to deliver its tool of choice, AresRAT. We discovered that the actor incorporated a new technique into its operations that is meant to hinder manual and automatic analysis – geo-fencing and hiding executables within certificate files. During our research, we also detected a change in victimology that may reflect the current interests of the threat actor: the group is targeting government and diplomatic entities in Turkey, Pakistan, Bangladesh, Ukraine and China.

Tools Used 1

AresRAT

Reports & References 1

https://securelist.com/apt-trends-report-q1-2020/96826/

ETDA Profile

Fishing Elephant

Origin

[Unknown]

First Seen 2019

Motivation

Information theft and espionage

View on ETDA APT Groups ↗