Operation Wocao
1 incidentes
1 paises
1 sectores
apt CN Ultimo: 2026-05-25
Operation Wocao is a cyber espionage campaign attributed with high confidence to a Chinese state-sponsored advanced persistent threat group, likely operating to support the interests of the Chinese government. The group first emerged in December 2017, with activities publicly reported in late 2019 by Fox-IT. This actor is notable for leveraging already compromised webshells, placed by other threat actors, for initial reconnaissance before deploying their own persistent access mechanisms. They are also known for their focus on operational security, meticulously removing file system-based forensic traces of their activities. The group's primary motivation is to collect sensitive intelligence, strategic data, and intellectual property. Operation Wocao is closely associated with, and shares tactics and tools with, the threat actor known as APT20. The name "Operation Wocao" originated from an observed command-line entry used by an actor, possibly out of frustration from losing webshell acce
Sectores atacados
Software (1)
Sectores objetivo (SOCRadar)
Energy & Utilities Transportation&WarehousingInformation ServicesFinanceAdministrative &Waste Management HealthCare & Social AssistancePublic AdministrationConstruction of BuildingsAir TransportationInsurance