Whitefly, Mofang - Threat Group Cards: A Threat Actor
Encyclopedia
Archived: 2026-04-02 12:02:55 UTC
Home > List all groups > Whitefly, Mofang
 APT group: Whitefly, Mofang
Names
Whitefly (Symantec)
Mofang (Fox-IT)
TEMP.Mimic (FireEye)
Bronze Walker (SecureWorks)
ATK 83 (Thales)
SectorM04 (ThreatRecon)
Superman (?)
G0103 (MITRE)
G0107 (MITRE)
Country [Unknown]
Motivation Information theft and espionage
First seen 2012
Description
(Fox-IT) Mofang is a threat actor that almost certainly operates out of China and is
probably government-affiliated. It is highly likely that Mofang’s targets are selected
based on involvement with investments, or technological advances that could be
perceived as a threat to the Chinese sphere of influence. This is most clearly the case
in a campaign focusing on government and critical infrastructure of Myanmar that is
described in this report. Chances are about even, though, that Mofang is a relevant
threat actor to any organization that invests in Myanmar or is otherwise politically
involved. In addition to the campaign in Myanmar, Mofang has been observed to
attack targets across multiple sectors (government, military, critical infrastructure
and the automotive and weapon industries) in multiple countries.
Observed
Sectors: Automotive, Critical infrastructure, Defense, Engineering, Government,
Healthcare, Media, Telecommunications and weapon industries.
Countries: Canada, Germany, India, Myanmar, Singapore, South Korea, USA.
Tools used Mimikatz, Nibatad, ShimRAT, Termite, Vcrodat, Living off the Land.
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=59308a4a-3c7b-4589-87e5-0c4d0d19274e
Page 1 of 2

Operations performed Jul 2018
Breach of SingHealth
Information
MITRE ATT&CK
Last change to this card: 16 August 2025
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=59308a4a-3c7b-4589-87e5-0c4d0d19274e
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=59308a4a-3c7b-4589-87e5-0c4d0d19274e
Page 2 of 2