ETDA ThaiCERT
Report
Search
Home > List all groups > AVIVORE

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: AVIVORE

NamesAVIVORE (Context)
CountryChina China
MotivationInformation theft and espionage
First seen2015
Description(Context) Until now, most prominent supply chain intrusions have been 'vertical'; initial victims are typically Managed Services Providers or software vendors leveraged by attackers to move up or down the supply chain. However, since summer 2018, Context Information Security has been investigating a series of incidents targeting UK and European Aerospace and Defence that are best described as 'horizontal'. Advanced attackers have been leveraging direct connectivity between suppliers and partners who are integrated into each other’s value chains. We have been tracking this activity under the codename AVIVORE.

Affected victims include large multinational firms (Primes) and smaller engineering or consultancy firms within their supply chain (Secondaries). Context has worked closely with victims, the National Cyber Security Centre (NCSC), security organisations, and law enforcement agencies across Europe to reduce impact and prevent further compromise.
ObservedSectors: Aerospace, Automotive, Energy, Satellites.
Countries: UK and Europe.
Tools usedMimikatz, PlugX, Living off the Land.
Information<https://www.contextis.com/en/blog/avivore>

Last change to this card: 19 April 2020

Download this actor card in PDF or JSON format

Previous: APT 41
Next: Axiom, Group 72

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key