{ "id": "c9595b02-ac59-4686-b35f-77c6bb47aaa6", "created_at": "2026-04-06T03:36:47.885248Z", "updated_at": "2026-04-10T13:11:37.831897Z", "deleted_at": null, "sha1_hash": "5aa5b6cc38749d9913b6a0fe7010ca96855d8d0d", "title": "[Unnamed groups: China] - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 75899, "plain_text": "[Unnamed groups: China] - Threat Group Cards: A Threat Actor\nEncyclopedia\nArchived: 2026-04-06 03:25:59 UTC\nHome \u003e List all groups \u003e [Unnamed groups: China]\n APT group: [Unnamed groups: China]\nNames [Unnamed groups: China] (?)\nCountry China\nSponsor State-sponsored\nMotivation Information theft and espionage\nFirst seen 2018\nDescription These are reported APT activities attributed to a country, but not to an individual threat group.\nObserved\nSectors: Defense, Government.\nCountries: Cambodia, Japan, Myanmar, Netherlands, Taiwan, USA and Worlwide.\nTools used COATHANGER.\nOperations performed\nJan 2018\nChina blamed for data theft from US Navy contractor\nJun 2019\nMitsubishi Electric discloses security breach, China is main suspect\nFeb 2020\nChina-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen\nRansomware\nMar 2020\nUnknown China-Based APT Targeting Myanmarese Entities\nOct 2020\nChina hacked Japan’s sensitive defense networks, officials say\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=e319c38c-1f2c-434b-b1b9-6457bc585bcd\nPage 1 of 3\n\n2021\nMinority report: Fake human rights documents and websites used in cyberattacks\ntargeting Uyghurs, a Turkic ethnic minority in China\nJan 2022\nNews Corp discloses hack from 'persistent' nation state cyber attacks\nOct 2022\nAmnesty International Canada breached by suspected Chinese hackers\nOct 2022\nBarracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by\nAggressive and Skilled Actor, Suspected Links to China\nOct 2022\nSuspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-\n42475)\n2023\nMinistry of Defence of the Netherlands uncovers COATHANGER, a stealthy\nChinese FortiGate RAT\nApr 2023\nChina-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan\nSep 2023\nChinese APT Targeting Cambodian Government\nOct 2023\nLikely China-based Attackers Target High-profile Organizations in Southeast Asia\nFeb 2024\nHackers stole 'sensitive' data from Taiwan telecom giant: ministry\nCounter operations Jul 2021 The United States, Joined by Allies and Partners, Attributes Malicious Cyber\nActivity and Irresponsible State Behavior to the People’s Republic of China\n\nunited-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/\u003e\nMay 2024\nTreasury Sanctions a Cybercrime Network Associated with the 911 S5 Botnet\nMay 2024\n911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated\nInternational Operation\nDec 2024\nTreasury Sanctions Cybersecurity Company Involved in Compromise of Firewall\nProducts and Attempted Ransomware Attacks\nMar 2025\nTreasury Sanctions China-based Hacker Involved in the Compromise of Sensitive\nU.S. Victim Networks\nInformation\nLast change to this card: 21 April 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e319c38c-1f2c-434b-b1b9-6457bc585bcd\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=e319c38c-1f2c-434b-b1b9-6457bc585bcd\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e319c38c-1f2c-434b-b1b9-6457bc585bcd" ], "report_names": [ "showcard.cgi?u=e319c38c-1f2c-434b-b1b9-6457bc585bcd" ], "threat_actors": [ { "id": "1b2e4010-c5ff-4866-9b32-5265e900d379", "created_at": "2024-03-11T02:02:37.083942Z", "updated_at": "2026-04-10T02:00:04.988898Z", "deleted_at": null, "main_name": "[Unnamed groups: China]", "aliases": [], "source_name": "ETDA:[Unnamed groups: China]", "tools": [ "COATHANGER" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775446607, "ts_updated_at": 1775826697, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5aa5b6cc38749d9913b6a0fe7010ca96855d8d0d.pdf", "text": "https://archive.orkl.eu/5aa5b6cc38749d9913b6a0fe7010ca96855d8d0d.txt", "img": "https://archive.orkl.eu/5aa5b6cc38749d9913b6a0fe7010ca96855d8d0d.jpg" } }