Home > List all groups > Operation NightScout

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Operation NightScout

NamesOperation NightScout (ESET)
MotivationInformation theft and espionage
First seen2021
Description(ESET) In January 2021, we discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox’s product range with over 150 million users worldwide.

This software is generally used by gamers in order to play mobile games from their PCs, making this incident somewhat unusual.

Three different malware families were spotted being distributed from tailored malicious updates to selected victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities.
ObservedCountries: Hong Kong, Sri Lanka, Taiwan.
Tools used

Last change to this card: 19 April 2021

Download this actor card in PDF or JSON format

Previous: Operation Manul
Next: Operation Olympic Games

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key