From 58415324c576354b0e2361cf5aff2aa339b7cddd Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 24 Jan 2020 08:27:20 +0100 Subject: [PATCH] add Operation Wocao --- clusters/threat-actor.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 415303e..717219d 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -7872,6 +7872,15 @@ }, "uuid": "c4ce1174-9462-47e9-8038-794f40a184b3", "value": "SideWinder" + }, + { + "value": "Operation Wocao", + "description": "Operation Wocao (我操, “Wǒ cāo”, used as “shit” or “damn”) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group.\nThis report details the profile of a publicly underreported threat actor that Fox-IT has dealt with over the past two years. Fox-IT assesses with high confidence that the actor is a Chinese group and that they are likely working to support the interests of the Chinese government and are tasked with obtaining information for espionage purposes. With medium confidence, Fox-IT assesses that the tools, techniques and procedures are those of the actor referred to as APT20 by industry partners. We have identified victims of this actor in more than 10 countries, in government entities, managed service providers and across a wide variety of industries, including Energy, Health Care and High-Tech.", + "meta": { + "refs": [ + "https://www.fox-it.com/nl/actueel/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" + ] + } } ], "version": 149