ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > Karkadann

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Karkadann

NamesKarkadann (Kaspersky)
Country[Unknown]
MotivationInformation theft and espionage
First seen2020
Description(Kaspersky) Karkadann is a threat actor that has been targeting government bodies and news outlets in the Middle East since at least October 2020. The threat actor leverages tailor-made malicious documents with embedded macros that trigger an infection chain, opening a URL in Internet Explorer. The minimal functionality present in the macros and the browser specification suggest that the threat actor might be exploiting a privilege-escalation vulnerability in Internet Explorer. Despite the small amount of evidence available for analysis in the Karkadann case, we were able to find several similarities to the Piwiks case, a watering-hole attack we discovered that targeted multiple prominent websites in the Middle East.
ObservedSectors: Government, Media.
Countries: Middle East.
Tools used
Information<https://securelist.com/apt-trends-report-q1-2021/101967/>

Last change to this card: 16 May 2021

Download this actor card in PDF or JSON format

Previous: ITG18
Next: Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key