Fishing Elephant - Threat Group Cards: A Threat Actor
Encyclopedia
Archived: 2026-04-05 14:37:50 UTC
Home > List all groups > Fishing Elephant
 APT group: Fishing Elephant
Names Fishing Elephant (Kaspersky)
Country [Unknown]
Motivation Information theft and espionage
First seen 2019
Description
(Kaspersky) During the last months of 2019, we observed an ongoing campaign conducted by
Fishing Elephant. The group continues to use both Heroku and Dropbox in order to deliver its
tool of choice, AresRAT. We discovered that the actor incorporated a new technique into its
operations that is meant to hinder manual and automatic analysis – geo-fencing and hiding
executables within certificate files. During our research, we also detected a change in
victimology that may reflect the current interests of the threat actor: the group is targeting
government and diplomatic entities in Turkey, Pakistan, Bangladesh, Ukraine and China.
Observed
Sectors: Government.
Countries: Bangladesh, China, Pakistan, Turkey, Ukraine.
Tools used AresRAT.
Information Last change to this card: 01 May 2020
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=05bd08d3-867d-4e59-a08c-8fda0fa883a7
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=05bd08d3-867d-4e59-a08c-8fda0fa883a7
Page 1 of 1