• Believed to be behind the Singapore health-care breach in July 2018.
This threat actor has been active since mid-2017, targeting mainly health-care, media, telecommunications, and engineering organizations in Singapore, in addition to multinational companies with a presence in the country. The group has also targeted defense, telecommunications, and energy companies in Russia, the United Kingdom, and Southeast Asia. The group relies on a combination of custom malware, open-source hacking tools, and legitimate applications to achieve its goals.
Suspected victims
  • Singapore
  • Russia
  • United Kingdom
Suspected state sponsor
  • Unknown
Target category
  • Government
  • Private sector