Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 15:36:17 UTC

APT group: IndigoZebra

Names: IndigoZebra (Check Point), G0136 (MITRE)
Country: China
Motivation: Information theft and espionage
First seen: 2014

Description: (Check Point) Check Point Research (CPR) has observed an ongoing cyber espionage operation targeting the Afghan government. Believed to be the Chinese-speaking hacker group known as “IndigoZebra”, the threat actors behind the espionage leveraged Dropbox, the popular cloud storage service, to infiltrate the Afghan National Security Council (NSC). Further investigation by CPR revealed that this is the latest in longer-running activity targeting other Central Asian countries, Kyrgyzstan and Uzbekistan, since at least 2014.

Observed Countries: Afghanistan, Kyrgyzstan, Uzbekistan.
Tools used: Dropbox.
Information: MITRE ATT&CK

Last change to this card: 16 August 2025

Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=b4571e18-c0c8-42fb-9c03-aa7b5b29b2b7