APT14

Who is APT14?

A brief post by CrowdStrike attributes APT14 to China. CrowdStrike revealed that APT14 was “targeting both civilian and military maritime operations in the green/brown water regions primarily in the area of operations of the South Sea Fleet of the PLA Navy” during 2012-2013. The post, written in March 2013, describes the investigation CrowdStrike performed over the year prior. APT14 was also described as targeting western companies “involved in maritime satellite systems, aerospace companies, and defense contractors” in countries including the US, Germany, Sweden, the UK, and Australia, among others. “Not surprisingly, embassies and diplomatic missions in the region, foreign intelligence services, and foreign governments with space programs were also targeted.” [1]

The industries and countries targeted are common among Chinese APT groups and also match goals in China’s five-year plans.

Aliases

  • Anchor Panda

Associated Individuals

CrowdStrike attributes activity of APT14 to China. [1]

Notable Attacks

No publicly referenced attacks

Tactics

CrowdStrike provided Snort signatures for Gh0st, Poison Ivy, and Torn RAT. These signatures are the only indicators pointing to tactics associated with APT14.

Targets

  • Areas of maritime operations for the South Sea Fleet of the PLA Navy
  • Western companies “involved in maritime satellite systems, aerospace companies, and defense contractors”
    • US, Germany, Sweden, the UK, and Australia among others

References

[1] – https://www.crowdstrike.com/blog/whois-anchor-panda/
