Also known as: UPS
First known appearance: 2014
Threat Actors: Undisclosed (based in China)
Targets: Companies in the energy, aerospace and defense, construction and engineering, high-tech, telecommunications and transportation sectors
Overview: APT3 leverages zero-day vulnerabilities in widespread but infrequent phishing campaigns. Its recent use of known exploits, social engineering and more frequent attacks suggests a possible shift in strategy, and perhaps a lack of access to further zero-day exploits. Regardless, APT3 has been identified as the main actor behind a major attack campaign called Operation Clandestine Fox.
Associated malware: Shotput, CookieCutter, PlugX/Sogu
Typical attack vectors: APT3 is primarily known for sending spear-phishing messages that contain a compressed executable attachment. The attackers have leveraged multiple exploits targeting CVE-2014-6332 and CVE-2014-4113.