Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: Yanbian Gang

Names: Yanbian Gang (?)
Country: China
Motivation: Financial crime
First seen: 2013
Description: (Trend Micro) In 2014, we took a close look at the Chinese underground market and found that it continued to thrive. But what we did not see was that even cybercriminals in remote parts of the country—Yanbian—were successfully profiting from the Android™ mobile banking customers in a neighboring country—South Korea.

What we have dubbed the “Yanbian Gang” has successfully been siphoning millions from their victims’ accounts since 2013. The hackers used fake banking and other popular apps to victimize more than 4,000 South Korean Android mobile banking customers throughout 2013 and 2014. They also used effective social engineering lures like “The Interview” to bait victims into installing their fake apps.
Observed: Countries: South Korea.
Tools used:
Operations performed: Dec 2020: Yanbian Gang Malware Continues with Wide-Scale Distribution and C2
<https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/>
Information: <https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-south-korean-fake-banking-app-scam.pdf>

Last change to this card: 21 April 2021

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
