
Threat Group Cards: A Threat Actor Encyclopedia

APT group: OnionDog

Names: OnionDog (Qihoo 360)
Country: South Korea
Motivation: Information theft and espionage
First seen: 2013
Description: Seems to be a cyber drill that is conducted every year rather than an APT, according to findings from Trend Micro.

(Qihoo 360) The Helios Team at 360 SkyEye Labs recently revealed that a hacker group named OnionDog has been infiltrating and stealing information from the energy, transportation and other infrastructure industries of Korean-language countries through the Internet. According to big data correlation analysis, OnionDog's first activity can be traced back to October, 2013 and in the following two years it was only active between late July and early September. The self-set life cycle of a Trojan attack is 15 days on average and is distinctly organizational and objective-oriented.

OnionDog malware is transmitted by taking advantage of the vulnerability of the popular office software Hangul in Korean-language countries, and it attacked network-isolated targets through a USB Worm. In addition, OnionDog also used darkweb ('Onion City') communications tools, with which it can visit the domain without the Onion browser, making its real identity hidden in the completely anonymous Tor network.
Observed: Sectors: Energy, Government, Transportation, Utilities.
Countries: South Korea.
Tools used: Malware on USB stick.
Information: <https://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html>
<https://www.qianxin.com/assets/doc/apt_report/en/OPERATION%20ONIONDOG%20%E2%80%93Disclosing%20Targeted%20Attacks%20on%20Government.pdf>
<https://blog.trendmicro.com/trendlabs-security-intelligence/oniondog-not-targeted-attack-cyber-drill/>

Last change to this card: 14 April 2020



Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
