Cyber Threat Actor: APT12
| Actor Type | Location | Known Incidents |
Nation State
|
China
|
0 incidents |
|---|
Profile
The threat actor is referred to by the aliases APT12, DeputyDog, Axiom, and AXIUM. These aliases are the only names publicly associated with the actor in the provided context. The actor’s location is identified as China. Being designated a threat actor implies it is engaged in malicious cyber activities. No additional descriptive details about the actor are supplied in the prompt. Consequently, its specific objectives, methods, or affiliations remain undocumented in the source material.
Article 1 describes a macOS backdoor called JokerSpy used against a Japanese cryptocurrency exchange. The article notes the involvement of a Python and Swift toolset and references the intrusion set REF9134. Article 2 reports that a Chengdu‑based APT group, identified as APT41, stole at least twenty million dollars from US COVID‑relief funds. It explains that the theft targeted Small Business Administration loans and unemployment insurance across multiple states. Article 3 states that Taiwanese authorities linked the Winnti group to a ransomware attack on Taiwan’s state oil company CPC Corp. The article notes that configuration artifacts pointed to Winnti or a closely related group. Article 4 details a attempted intrusion against the South Korean video game company Gravity Co., Ltd., attributed to Winnti (also known as APT41, BARIUM, Blackfly). The malware used was characterized as a Winnti dropper aimed at downloading further payloads. Article 5 explains that ESET researchers found Winnti Group malware infecting two Hong Kong universities during the 2019 protests. The infections involved ShadowPad launcher samples with keylogging and screen‑capture modules. Article 6 discusses the Winnti Group’s use of a new modular Windows backdoor named PortReuse against an Asian mobile hardware and software manufacturer. It notes that PortReuse injects into listening processes and waits for a magic packet to activate. Article 7 reports that Winnti malware was discovered on the systems of dozens of major international companies across Europe, the United States, Japan and Indonesia. The piece highlights the group’s focus on long‑term data exfiltration and its use of phishing emails for initial access. Article 8 recounts Bayer’s containment of a cyber attack it attributed to Chinese hallmarks, mentioning the WINNTI malware. It notes that Bayer found the malware on its networks and worked with German authorities to investigate. Article 9 describes how a group called Evil Shadow Team defaced Malaysian government websites with a Happy New Year message in 2014. The article adds that the same group had previously defaced an Indian Microsoft Store. None of the nine articles mention any of the aliases APT12, DeputyDog, Axiom, or AXIUM. Therefore, the provided source material does not contain evidence of the actor’s targeting, objectives, tactics, techniques, procedures, attribution, or specific campaigns.
