ETDA ThaiCERT
Report
Search
Home > List all groups > Shadow Network

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Shadow Network

NamesShadow Network (Information Warfare Monitor)
CountryChina China
MotivationInformation theft and espionage
First seen2010
Description(Information Warfare Monitor) Shadows in the Cloud documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. The report also contains an analysis of data which were stolen from politically sensitive targets and recovered during the course of the investigation. These include documents from the Offices of the Dalai Lama and agencies of the Indian national security establishment. Data containing sensitive information on citizens of numerous third-party countries, as well as personal, financial, and business information, were also exfiltrated and recovered during the course of the investigation. The report analyzes the malware ecosystem employed by the Shadows’ attackers, which leveraged multiple redundant cloud computing systems, social networking platforms, and free web hosting services in order to maintain persistent control while operating core servers located in the People’s Republic of China (PRC). Although the identity and motivation of the attackers remain unknown, the report is able to determine the location (Chengdu, PRC) as well as some of the associations of the attackers through circumstantial evidence. The investigation is the product of an eight month, collaborative activity between the Information Warfare Monitor (Citizen Lab and SecDev) and the Shadowserver Foundation. The investigation employed a fusion methodology, combining technical interrogation techniques, data analysis, and field research, to track and uncover the Shadow cyber espionage network.

Also see GhostNet, Snooping Dragon.
ObservedSectors: Education, Government and others.
Countries: Afghanistan, Australia, Azerbaijan, Canada, China, France, Germany, Greece, Hong Kong, India, Israel, Italy, Japan, Lithuania, Malaysia, Mexico, Nepal, Netherlands, New Zealand, Pakistan, Papua New Guinea, Philippines, Qatar, Romania, Russia, South Korea, Sweden, Taiwan, Thailand, Tibet, UAE, UK, USA, Vietnam.
Tools usedShadowNet.
Counter operations2010Taken down by the Shadowserver Foundation.
Information<https://citizenlab.ca/wp-content/uploads/2017/05/shadows-in-the-cloud.pdf>

Last change to this card: 15 April 2020

Download this actor card in PDF or JSON format

Previous: Sea Turtle
Next: ShaggyPanther

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key