🇨🇳

Scarab

APT Group Information theft and espionage 6 zero-day CVEs ETDA ✓

Also Known As

No alias recorded

Target Countries 10

Countries highlighted in red

Spain France Mexico Poland Russian Federation Slovakia Syrian Arab Republic Turkey Ukraine United States

Sectors Targeted

Periodical Publishers 51112

Details

Origin 🇨🇳 CN

Last Updated 01 Jun 2022

MITRE ATT&CK 66

T1003 T1016 T1021 T1027 T1033 T1036 T1041 T1049 T1053 T1057 T1059 T1059.001 - PowerShell T1059.003 - Windows Command Shell T1070 T1071 T1078 - Valid Accounts T1082 T1087 T1090 T1095 T1102 T1105 T1106 T1110 T1110.001 - Password Guessing T1114 T1115 T1124 T1127 T1132 T1133 T1136 T1136.001 - Local Account T1140 - Deobfuscate/Decode Files or Information T1176 T1190 - Exploit Public-Facing Application T1204 - User Execution T1212 - Exploitation for Credential Access T1218 T1485 - Data Destruction T1486 - Data Encrypted for Impact T1490 T1529 T1530 T1531 T1543 T1547 T1550 T1553 T1560 T1561 T1562 T1566 T1566.001 T1571 T1573 T1583 T1583.001 - Domains T1587 T1587.001 - Malware T1588.001 - Malware T1588.002 - Tool T1588.005 - Exploits T1590.005 - IP Addresses T1595 T1595.002 - Vulnerability Scanning

Related Zero-Days 6

CVE-2017-0144 CVE-2018-8174 CVE-2020-1472 CVE-2022-42475 CVE-2023-36884 CVE-2023-38831

Known Names 2 entries

Scarab Symantec

UAC-0026 CERT-UA

Observed Target Countries 4

Based on ETDA data — countries highlighted in red

Russia Syria Ukraine USA

Description

(Symantec) A group of attackers, which we call Scarab, has been performing highly targeted attacks against particular Russian-speaking individuals both inside and outside of Russia since at least January 2012. In each campaign, the attackers typically target a small amount of individuals—rather than enterprises or governments—using economic, military, topical, or generic lures. On average, less than ten unique computers are infected per month and there is no indication that the attackers are trying to spread through the victim’s local network, suggesting that Scarab’s campaigns are extremely targeted in nature.

Tools Used 1

Scieron

Operations 1

2022-03 Chinese Threat Actor Scarab Targeting Ukraine https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine/

Reports & References 1

https://web.archive.org/web/20150124025612/http:/www.symantec.com:80/connect/blogs/scarab-attackers-took-aim-select-russian-targets-2012

ETDA Profile

Scarab

Origin

China

First Seen 2012

Motivation

Information theft and espionage

View on ETDA APT Groups ↗