Uptime Hamster: 15d 3h 58mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza Operation Wocao

Operation Wocao

1 incidentes 1 paises 1 sectores apt CN Ultimo: 2026-05-25
Ver en IntelTracker → APTTrail →
Operation Wocao is a cyber espionage campaign attributed with high confidence to a Chinese state-sponsored advanced persistent threat group, likely operating to support the interests of the Chinese government. The group first emerged in December 2017, with activities publicly reported in late 2019 by Fox-IT. This actor is notable for leveraging already compromised webshells, placed by other threat actors, for initial reconnaissance before deploying their own persistent access mechanisms. They are also known for their focus on operational security, meticulously removing file system-based forensic traces of their activities. The group's primary motivation is to collect sensitive intelligence, strategic data, and intellectual property. Operation Wocao is closely associated with, and shares tactics and tools with, the threat actor known as APT20. The name "Operation Wocao" originated from an observed command-line entry used by an actor, possibly out of frustration from losing webshell acce

Actores similares

influence-operationsactor · 1Operation Ghostwriterapt · 0Operation C-Majorapt · 0Operation Silent Skimmerapt · 0Operation Cobalt Whisperapt · 0Operation RusticWebapt · 0Operation LiberalFaceapt · 0Operation Olympic Gamesapt · 0Operation SalmonSlalomapt · 0Operation Digital Eyeapt · 0
Tecnicas MITRE
T1003.001, T1105, T1059.001, T1078.001, T1136.001
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises afectados

China (1)

Sectores atacados

Software (1)

Sectores objetivo (SOCRadar)

Energy & Utilities Transportation&WarehousingInformation ServicesFinanceAdministrative &Waste Management HealthCare & Social AssistancePublic AdministrationConstruction of BuildingsAir TransportationInsurance