Also known as: Dynamite Panda, Wekby, TG-0416
First known appearance: 2010
Threat Actors: People’s Republic of China (suspected)
Targets: Aerospace, defense and engineering organizations, and more recently healthcare, pharmaceutical and medical device companies
Objective: To steal IP related to technologies, processes and expertise
Overview: APT18 was responsible for the 2014 data breach at Community Health Systems (CHS), in which records on roughly 4.5 million patients were stolen. Beyond that incident, very little information about APT18 has been released into the public domain.
Associated malware: Gh0st remote access Trojan (RAT)
Typical attack vectors: In the CHS intrusion, APT18 exploited the “Heartbleed” bug (CVE-2014-0160), a memory-disclosure flaw in the TLS heartbeat extension of OpenSSL, on a virtual private network (VPN) server at the edge of the CHS network. Each malformed heartbeat request returns up to 64 KB of the server’s memory, so the attackers sent thousands of them until the leaked fragments yielded valid VPN credentials, then logged in as legitimate users.
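To make the mechanism behind that attack vector concrete, here is an added simulation that is not part of the original profile and not code from APT18 or from OpenSSL. It models the RFC 6520 heartbeat record, the unchecked copy that OpenSSL 1.0.1 through 1.0.1f performed, the bounds check that 1.0.1g added, and the network-side test an IDS uses to flag a probe. The "heap", the secret string and all record contents are constructed for the example; `build_heartbeat`, `vulnerable_respond`, `hardened_respond`, `is_heartbleed_probe` and `leaked_secret` are names chosen here, not real library APIs.

```python
"""Simulation of CVE-2014-0160 (Heartbleed) against a TLS endpoint such as a VPN server.

Constructed teaching example: the 'heap' is a bytes object, the secret is made up,
and nothing here touches a network. Record layout follows RFC 6520:
type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16).
"""
import struct
from typing import Optional

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16          # minimum padding required by RFC 6520
HEADER_LEN = 1 + 2        # type + payload_length


def build_heartbeat(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """Build a HeartbeatRequest. A client that lies in claimed_len (larger than
    len(payload)) is exactly what a Heartbleed probe looks like on the wire."""
    if claimed_len is None:
        claimed_len = len(payload)
    return (bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", claimed_len)
            + payload + b"\x00" * PADDING_LEN)


def vulnerable_respond(heap: bytes, msg_offset: int) -> bytes:
    """What OpenSSL 1.0.1 through 1.0.1f did: trust the length field.

    `heap` stands in for server process memory; the received record starts at
    msg_offset and whatever was allocated next follows it. The copy length comes
    from the attacker, so the reply carries that many bytes of memory, up to
    65535 per request (a Python slice stops at the end of `heap`; the real
    memcpy does not)."""
    payload_len = struct.unpack("!H", heap[msg_offset + 1:msg_offset + HEADER_LEN])[0]
    pl = msg_offset + HEADER_LEN
    echoed = heap[pl:pl + payload_len]            # memcpy(bp, pl, payload) with no bounds check
    return (bytes([HEARTBEAT_RESPONSE]) + struct.pack("!H", payload_len)
            + echoed + b"\x00" * PADDING_LEN)


def hardened_respond(record: bytes) -> Optional[bytes]:
    """The OpenSSL 1.0.1g fix: discard any heartbeat whose claimed payload plus
    header and padding does not fit inside the record that carried it."""
    if len(record) < HEADER_LEN + PADDING_LEN:
        return None
    hbtype = record[0]
    payload_len = struct.unpack("!H", record[1:HEADER_LEN])[0]
    if HEADER_LEN + payload_len + PADDING_LEN > len(record):
        return None                               # silently drop, as the patch does
    if hbtype != HEARTBEAT_REQUEST:
        return None
    payload = record[HEADER_LEN:HEADER_LEN + payload_len]
    return (bytes([HEARTBEAT_RESPONSE]) + struct.pack("!H", payload_len)
            + payload + b"\x00" * PADDING_LEN)


def is_heartbleed_probe(record: bytes) -> bool:
    """Network-side check usable in an IDS rule or a pcap sweep: a
    HeartbeatRequest whose claimed payload cannot fit in its own record."""
    if len(record) < HEADER_LEN or record[0] != HEARTBEAT_REQUEST:
        return False
    claimed = struct.unpack("!H", record[1:HEADER_LEN])[0]
    return HEADER_LEN + claimed + PADDING_LEN > len(record)


# Constructed inputs: a benign heartbeat, a probe, and a fake heap in which the
# probe record is immediately followed by a made-up VPN session credential.
SECRET = b"user=alice pass=hunter2 session=0xdeadbeef"   # constructed, not real data
BENIGN = build_heartbeat(b"ping")
PROBE = build_heartbeat(b"ping", claimed_len=len(b"ping") + PADDING_LEN + len(SECRET))
HEAP = PROBE + SECRET


def leaked_secret(reply: bytes) -> bool:
    """True if a server reply carries the adjacent 'heap' secret."""
    return SECRET in reply


if __name__ == "__main__":
    print("vulnerable server leaks secret:", leaked_secret(vulnerable_respond(HEAP, 0)))
    print("patched server answers probe:", hardened_respond(PROBE))
    print("patched server answers benign:", hardened_respond(BENIGN) is not None)
    print("IDS flags probe:", is_heartbleed_probe(PROBE), "benign:", is_heartbleed_probe(BENIGN))
```

The single comparison in `hardened_respond` is the whole fix; `is_heartbleed_probe` is the same comparison applied from the network side, which is why signature-based detection of Heartbleed probes was possible without decrypting anything beyond the record layer. In a real attack the useful memory is not conveniently adjacent, which is why many requests were needed before credentials surfaced.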