Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:24:05 UTC
Home > List all groups > Operation SLOW#TEMPEST
 APT group: Operation SLOW#TEMPEST
Names Operation SLOW#TEMPEST (?)
Country China
Motivation Information theft and espionage
First seen 2024
Description
(Securonix) The Securonix Threat Research team has uncovered a covert campaign targeting
Chinese-speaking users with Cobalt Strike payloads likely delivered through phishing emails.
The attackers managed to move laterally, establish persistence and remain undetected within
the systems for more than two weeks.
Observed Countries: China.
Tools used Cobalt Strike, Mimikatz.
Information
Last change to this card: 16 August 2025
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=74200598-520d-4bf8-af62-e1fc08587450
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=74200598-520d-4bf8-af62-e1fc08587450
Page 1 of 1