ETDA ThaiCERT
Report
Search
Home > List all groups > Operation Poison Needles

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Operation Poison Needles

NamesOperation Poison Needles (Qihoo 360)
CountryUkraine Ukraine
MotivationInformation theft and espionage
First seen2018
Description(Qihoo 360) On the evening of November 29, 2018, shortly after the break-out of the Kerch Strait Incident, 360 Advanced Threat Response Team was the first security team to discover the APT attack against the FSBI “Polyclinic No.2” affiliated to the Presidential Administration of Russia. The lure document used to initiate the attack was a carefully forged employee questionnaire, which exploited the latest Flash 0day vulnerability CVE-2018-15982 and a customized Trojan with self-destruction function. All the technical details indicate that the APT group is determined to compromise the target at any price, but at the same time, it is also very cautious.
ObservedSectors: Healthcare.
Countries: Russia.
Tools used0-day Flash exploit.
Information<http://blogs.360.cn/post/PoisonNeedles_CVE-2018-15982_EN>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: Operation Poisoned News, TwoSail Junk
Next: Operation Potao Express

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key