
Threat Group Cards: A Threat Actor Encyclopedia

APT group: Operation Harvest

Names: Operation Harvest (McAfee)
Country: China
Motivation: Information theft and espionage
First seen: 2016
Description: (McAfee) Following a recent Incident Response, McAfee Enterprise's Advanced Threat Research (ATR) team worked with its Professional Services IR team to support a case that initially started as a malware incident but ultimately turned out to be a long-term cyber-attack.

The diagram reflecting our outcome insinuated that Emissary Panda, APT 27, LuckyMouse, Bronze Union and APT 41 are the most likely candidates that overlap with the (sub-)techniques we observed.
Observed:
Tools used: BadPotato, Impacket, Mimikatz, nbtscan, PlugX, ProcDump, PsExec, RottenPotato, SMBExec, Winnti, WinRAR.
Information: <https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/operation-harvest-a-deep-dive-into-a-long-term-campaign/>

Last change to this card: 02 November 2021


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
