ETDA ThaiCERT
Report
Search
Home > List all groups > Fishing Elephant

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Fishing Elephant

NamesFishing Elephant (Kaspersky)
Country[Unknown]
MotivationInformation theft and espionage
First seen2019
Description(Kaspersky) During the last months of 2019, we observed an ongoing campaign conducted by Fishing Elephant. The group continues to use both Heroku and Dropbox in order to deliver its tool of choice, AresRAT. We discovered that the actor incorporated a new technique into its operations that is meant to hinder manual and automatic analysis – geo-fencing and hiding executables within certificate files. During our research, we also detected a change in victimology that may reflect the current interests of the threat actor: the group is targeting government and diplomatic entities in Turkey, Pakistan, Bangladesh, Ukraine and China.
ObservedSectors: Government.
Countries: Bangladesh, China, Pakistan, Turkey, Ukraine.
Tools usedAresRAT.
Information<https://securelist.com/apt-trends-report-q1-2020/96826/>

Last change to this card: 01 May 2020

Download this actor card in PDF or JSON format

Previous: FIN11
Next: Flying Kitten, Ajax Security Team

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key