Anchor Panda APT

Type: Nation-State-Sponsored

Status: believed active

Active Since/Discovered: 2013

Last Report: Oct. 2013

Targets:

  • Civilian and military maritime operations in the green/brown water regions in the area of operations of the South Sea Fleet of the PLA Navy
  • Companies in the United States, Germany, Sweden, the UK, Australia, and other nations involved in maritime satellite systems, aerospace industries, and the defense sector

Target Sectors: maritime satellite systems, aerospace companies, and defense contractors

Malware:

  • Adobe Ghost
  • Poison Ivy
  • Torn RAT

Preferred Attack Vector: spear phishing

Unique:

  • May be PLA Navy
  • Marker for encrypted binaries – “PdPD” (hex bytes 50 64 50 44)