🇨🇳

PKPLUG

APT Group Information theft and espionage 8 zero-day CVEs ETDA ✓

Also Known As

No alias recorded

Target Countries 19

Countries highlighted in red

Argentina China United Kingdom Indonesia India Japan Liberia Myanmar Mongolia Malaysia Nigeria Philippines Russian Federation Saudi Arabia Singapore Province of China Taiwan Ukraine United States Vietnam

Sectors Targeted

Public Administration 92 Plastics Product Manufacturing 3261 Publishing Industries (except Internet) 511 Chemical Manufacturing 325 Religious, Grantmaking, Civic, Professional, and Similar Organizations 813 Finance and Insurance 52 Insurance Carriers and Related Activities 524 NAICS:31 31 Professional, Scientific, and Technical Services 54 Religious Organizations 8131 Software Publishers 5112 Research and Development in the Social Sciences and Humanities 54172 Legal Services 5411 Health Care and Social Assistance 62 Arts, Entertainment, and Recreation 71 Data Processing, Hosting, and Related Services 51821 Periodical Publishers 51112 Hospitals 622 Computer Systems Design Services 541512 Offices of Lawyers 541110 Computer Systems Design and Related Services 54151 Telecommunications 517 Promoters of Performing Arts, Sports, and Similar Events 7113 Pharmaceutical and Medicine Manufacturing 32541 Data Processing, Hosting, and Related Services 518 Newspaper Publishers 51111 Space Research and Technology 927 Other Services (except Public Administration) 81 Civic and Social Organizations 8134 Computer Systems Design and Related Services 5415

Details

Origin 🇨🇳 CN
Last Updated 11 May 2024

Malware Families 8

ccleaner_backdoor
sorgu
unidentified_075
zhmimikatz
win.shadow_rat
NewCore
darkstrat
win.sadbridge

MITRE ATT&CK 164

T1001 T1001.003 T1003 T1003.001 T1003.003 T1003.006 T1005 - Data from Local System T1012 - Query Registry T1014 - Rootkit T1016 - System Network Configuration Discovery T1018 T1021.001 - Remote Desktop Protocol T1021.002 - SMB/Windows Admin Shares T1021.006 - Windows Remote Management T1027 - Obfuscated Files or Information T1027.001 T1027.007 T1027.012 T1027.013 T1027.016 T1030 T1033 - System Owner/User Discovery T1036 - Masquerading T1036.003 - Rename System Utilities T1036.004 T1036.005 T1036.007 T1036.008 T1037 - Boot or Logon Initialization Scripts T1041 T1046 T1047 T1048 T1048.003 T1049 - System Network Connections Discovery T1052 T1052.001 T1053 T1053.005 T1055 - Process Injection T1056 - Input Capture T1056.001 - Keylogging T1057 - Process Discovery T1059 - Command and Scripting Interpreter T1059.001 - PowerShell T1059.003 - Windows Command Shell T1059.005 T1059.007 T1068 - Exploitation for Privilege Escalation T1069 T1069.002 T1070 - Indicator Removal on Host T1070.004 T1070.006 T1071 T1071.001 - Web Protocols T1072 T1074 T1074.001 T1078 - Valid Accounts T1082 - System Information Discovery T1083 - File and Directory Discovery T1087 T1087.002 T1090 T1090.003 - Multi-hop Proxy T1091 T1095 T1102 T1102.002 - Bidirectional Communication T1105 - Ingress Tool Transfer T1106 - Native API T1110 - Brute Force T1112 T1113 - Screen Capture T1115 - Clipboard Data T1119 T1124 - System Time Discovery T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - MSBuild T1129 T1134 - Access Token Manipulation T1140 - Deobfuscate/Decode Files or Information T1176 - Browser Extensions T1176.002 T1189 - Drive-by Compromise T1203 T1204 - User Execution T1204.001 T1204.002 - Malicious File T1205 T1218 - Signed Binary Proxy Execution T1218.004 T1218.005 - Mshta T1218.007 T1218.014 T1219 T1219.001 T1219.002 T1480 T1489 - Service Stop T1490 - Inhibit System Recovery T1497 - Virtualization/Sandbox Evasion T1505 - Server Software Component T1505.003 T1518 - Software Discovery T1528 - Steal Application Access Token T1530 - Data from Cloud Storage Object T1539 T1543 - Create or Modify System Process T1546 T1546.003 T1547 - Boot or Logon Autostart Execution T1547.001 - Registry Run Keys / Startup Folder T1553 - Subvert Trust Controls T1553.002 - Code Signing T1555 - Credentials from Password Stores T1557 T1557.002 T1560 - Archive Collected Data T1560.001 T1560.003 T1562 - Impair Defenses T1564 T1564.001 T1566 - Phishing T1566.001 T1566.002 T1567 T1567.002 T1569 - System Services T1571 - Non-Standard Port T1572 T1573 - Encrypted Channel T1573.001 T1573.002 - Asymmetric Cryptography T1574 - Hijack Execution Flow T1574.001 T1574.002 - DLL Side-Loading T1574.005 T1583 T1583.001 T1583.006 T1585 T1585.002 T1586 T1586.002 T1587 T1587.001 T1588 T1588.001 T1588.002 T1588.003 T1588.004 T1593 T1598 T1598.003 T1608 T1608.001 T1608.004 T1608.005 T1622 T1654 T1678

Related Zero-Days 8

CVE-2021-26855 CVE-2021-27065 CVE-2023-38831 CVE-2024-0012 CVE-2024-55591 CVE-2025-55182 CVE-2025-8088 CVE-2026-24858