ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: CardinalLizard

Names: CardinalLizard (Kaspersky)
Country: China
Motivation: Information theft and espionage
First seen: 2014
Description: (Kaspersky) We are moderately confident that this is a new collection of Chinese-speaking activity targeting businesses, active since 2014. Over the last few years, the group has shown an interest in the Philippines, Russia, Mongolia and Malaysia, the latter especially prevalent during 2018. The hackers use a custom malware featuring some interesting anti-detection and anti-emulation techniques. The infrastructure used also shows some overlaps with Roaming Tiger and previous PlugX campaigns, but this could just be due to infrastructure reuse under the Chinese-speaking umbrella.
Observed: Countries: Malaysia, Mongolia, Philippines, Russia.
Tools used: PlugX.
Information: <https://securelist.com/apt-trends-report-q1-2018/85280/>

Last change to this card: 29 April 2020

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency