FamousSparrow

Category: APT Group
Motivation: Information theft and espionage
Zero-day CVEs: 18
Source: ETDA ✓

Also Known As (7 names): Salt Typhoon, Operator Panda, FamousSparrow, GhostEmperor, Earth Estries, RedMike, UNC2286

Target Countries (35): Afghanistan, Argentina, Austria, Bangladesh, Belgium, Burkina Faso, Brazil, Canada, Germany, Egypt, Ethiopia, France, United Kingdom, Guatemala, Honduras, Indonesia, Israel, India, Islamic Republic of Iran, Lithuania, Mexico, Malaysia, Nigeria, Netherlands, Philippines, Pakistan, Saudi Arabia, Singapore, Swaziland, Thailand, Taiwan (Province of China), United States, Uruguay, Vietnam, South Africa

Details

Origin: 🇨🇳 CN
Last Updated: 28 Mar 2025

MITRE ATT&CK (115 techniques)

T1003 - OS Credential Dumping
T1005 - Data from Local System
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1021 - Remote Services
T1021.002 - SMB/Windows Admin Shares
T1021.004
T1027 - Obfuscated Files or Information
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1048.003
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1055.001 - Dynamic-link Library Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.002 - AppleScript
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.007 - JavaScript
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1070.002
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.002 - File Transfer Protocols
T1071.004 - DNS
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1098.004
T1102 - Web Service
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1110.002
T1112 - Modify Registry
T1132.001 - Standard Encoding
T1133 - External Remote Services
T1136 - Create Account
T1140 - Deobfuscate/Decode Files or Information
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204.002 - Malicious File
T1222.002 - Linux and Mac File and Directory Permissions Modification
T1495 - Firmware Corruption
T1497 - Virtualization/Sandbox Evasion
T1505.003 - Web Shell
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1543 - Create or Modify System Process
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548.002
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1553.006 - Code Signing Policy Modification
T1556 - Modify Authentication Process
T1557 - Man-in-the-Middle
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1562.004
T1564 - Hide Artifacts
T1566 - Phishing
T1567.002 - Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1569 - System Services
T1571 - Non-Standard Port
T1572 - Protocol Tunneling
T1573.001 - Symmetric Cryptography
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.004 - Server
T1584 - Compromise Infrastructure
T1587
T1587.001 - Malware
T1588 - Obtain Capabilities
T1588.001 - Malware
T1588.002 - Tool
T1588.005 - Exploits
T1589.002 - Email Addresses
T1590 - Gather Victim Network Information
T1590.001 - Domain Properties
T1590.004
T1595 - Active Scanning
T1599 - Network Boundary Bridging
T1601.002 - Downgrade System Image
T1602 - Data from Configuration Repository
T1602.002
T1608.001 - Upload Malware
T1608.002 - Upload Tool
T1609 - Container Administration Command
T1610 - Deploy Container