Home > List all groups > Whitefly, Mofang

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Whitefly, Mofang

NamesWhitefly (Symantec)
Mofang (Fox-IT)
TEMP.Mimic (FireEye)
ATK 83 (Thales)
SectorM04 (ThreatRecon)
Superman (?)
MotivationInformation theft and espionage
First seen2012
Description(Fox-IT) Mofang is a threat actor that almost certainly operates out of China and is probably government-affiliated. It is highly likely that Mofang’s targets are selected based on involvement with investments, or technological advances that could be perceived as a threat to the Chinese sphere of influence. This is most clearly the case in a campaign focusing on government and critical infrastructure of Myanmar that is described in this report. Chances are about even, though, that Mofang is a relevant threat actor to any organization that invests in Myanmar or is otherwise politically involved. In addition to the campaign in Myanmar, Mofang has been observed to attack targets across multiple sectors (government, military, critical infrastructure and the automotive and weapon industries) in multiple countries.
ObservedSectors: Automotive, Critical infrastructure, Defense, Engineering, Government, Healthcare, Media, Telecommunications and weapon industries.
Countries: Canada, Germany, India, Myanmar, Singapore, South Korea, USA.
Tools usedMimikatz, Nibatad, ShimRAT, Termite, Vcrodat, Living off the Land.
Operations performedJul 2018Breach of SingHealth

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key