APT18

Also known as: Dynamite Panda, Wekby, TG-0416

First known appearance: 2010

Threat Actors: People’s Republic of China (suspected)

Targets: Aerospace, defense and engineering sectors along with, more recently, healthcare, pharmaceutical and medical device companies

Objective: To steal IP related to technologies, processes and expertise

Overview: APT18 was responsible for a major data breach at Community Health Systems (CHS). Very little information about APT18 has been released into the public domain.

Associated malware: Gh0st remote access Trojan (RAT)

Typical attack vectors: APT18 attackers exploited the “Heartbleed” bug (a flaw in OpenSSL) in a virtual private network (VPN) server within the CHS network, throwing thousands of messages at the server until they were able to gain access.
