Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:10:46 UTC
 APT group: GCHQ
Names
GCHQ (real name)
Government Communications Headquarters (real name)
Country UK
Sponsor State-sponsored
Motivation Information theft and espionage
First seen 1919
Description
(Wikipedia) GCHQ gains its intelligence by monitoring a wide variety of
communications and other electronic signals. For this, a number of stations have
been established in the UK and overseas. The listening stations are at Cheltenham
itself, Bude, Scarborough, Ascension Island, and with the United States at Menwith
Hill. Ayios Nikolaos Station in Cyprus is run by the British Army for GCHQ.
As revealed by Edward Snowden in The Guardian, GCHQ spied on foreign
politicians visiting the 2009 G-20 London Summit by eavesdropping phonecalls and
emails and monitoring their computers, and in some cases even ongoing after the
summit via keyloggers that had been installed during the summit.
Other publicly exposed major APT activities from GCHQ involve the wholesale
worldwide spying from programs such as, together with Equation Group,
INCENSER, where various international Internet trunks were tapped.
Observed
Sectors: Government, Telecommunications.
Countries: Belgium, UK.
Tools used Regin.
Operations performed
2009
GCHQ intercepted foreign politicians' communications at G20 summits
<https://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits>
2010 Operation Socialist
Breach of the infrastructure of the Belgian telecommunications company
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=9d92be76-3493-4c22-a22c-73e34bb2bb66
Page 1 of 2

Belgacom.
Information
Last change to this card: 17 July 2020
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=9d92be76-3493-4c22-a22c-73e34bb2bb66
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=9d92be76-3493-4c22-a22c-73e34bb2bb66
Page 2 of 2