Menu
Browse

Cyber Threat Actor: optusdata

Actor Type Location Known Incidents
 Icon
Nation State
China
3 incidents
Profile

The threatactor known by the alias optusdata is associated with Chinese state‑sponsored activity, with publicly available reporting indicating a location in China. Attribution to the Chinese government is explicitly stated in the descriptions of the 2019 Amnesty International Hong Kong incident and the 2018 Alaska government reconnaissance, both of which cite tools and techniques consistent with advanced persistent threat groups linked to Beijing. The actor’s known aliases and geographic tie are the only confirmed identity details provided in the source material.

Targeting patterns observed across the reported incidents include telecommunications providers in Australia, non‑governmental organizations in Hong Kong, and government natural‑resources agencies in the United States Alaska region. The Optus breach involved unauthorized access to customer personal data, which the reporting notes could be leveraged for espionage or criminal activities such as social engineering and SIM‑swapping schemes. The Amnesty International compromise sought supporter information, aligning with an espionage objective aimed at monitoring human‑rights work. The Alaska operation focused on network reconnaissance of oil and gas sectors, described as supporting China’s Belt and Road Initiative economic goals, indicating a strategic interest in gathering intelligence on energy infrastructure relevant to bilateral trade discussions.

Reported tactics, techniques, and procedures referenced in the sources consist of network reconnaissance and systematic scanning to identify vulnerabilities, the use of infrastructure associated with Tsinghua University for launching the Alaska activity, and the employment of sophisticated tools and techniques characteristic of APT groups in the Amnesty International attack. The Optus incident involved unauthorized acquisition of names, dates of birth, contact details, addresses, and identity document numbers, though specific malware families or initial‑access vectors are not detailed in the provided material. No additional TTPs such as particular exploit kits or command‑and‑control infrastructures are mentioned.

Significant publicly reported operations attributed to this actor include the September 2022 breach of Optus, Australia’s second‑largest telecommunications provider, the March 2019 cyberattack on the Hong Kong branch of Amnesty International, and the March 2018 network reconnaissance targeting the State of Alaska Government and its Department of Natural Resources. These examples illustrate the actor’s focus on telecom data, human‑rights organization information, and energy‑sector intelligence, reflecting the observed targeting sectors and strategic objectives outlined in the source reporting.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
1 source