ETDA ThaiCERT
Report
Search
Home > List all groups > GCHQ

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: GCHQ

NamesGCHQ (real name)
Government Communications Headquarters (real name)
CountryUK UK
SponsorState-sponsored
MotivationInformation theft and espionage
First seen1919
Description(Wikipedia) GCHQ gains its intelligence by monitoring a wide variety of communications and other electronic signals. For this, a number of stations have been established in the UK and overseas. The listening stations are at Cheltenham itself, Bude, Scarborough, Ascension Island, and with the United States at Menwith Hill. Ayios Nikolaos Station in Cyprus is run by the British Army for GCHQ.

As revealed by Edward Snowden in The Guardian, GCHQ spied on foreign politicians visiting the 2009 G-20 London Summit by eavesdropping phonecalls and emails and monitoring their computers, and in some cases even ongoing after the summit via keyloggers that had been installed during the summit.

Other publicly exposed major APT activities from GCHQ involve the wholesale worldwide spying from programs such as, together with Equation Group, INCENSER, where various international Internet trunks were tapped.
ObservedSectors: Government, Telecommunications.
Countries: Belgium, UK.
Tools usedRegin.
Operations performed2009GCHQ intercepted foreign politicians' communications at G20 summits
<https://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits>
2010Operation Socialist
Breach of the infrastructure of the Belgian telecommunications company Belgacom.
<https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/>
Information<https://en.wikipedia.org/wiki/GCHQ>
<https://www.electrospaces.net/2014/11/incenser-or-how-nsa-and-gchq-are.html>

Last change to this card: 17 July 2020

Download this actor card in PDF or JSON format

Previous: Gangnam Industrial Style
Next: GCMAN

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key