Uptime Hamster: 15d 14h 36mDeploy: 14 Jul 2026 21:26Updated: 2026-07-14
Logo del actor de amenaza SVCMONDR

SVCMONDR

0 incidentes 0 paises 0 sectores apt CN Ultimo: -
Aliases: G0023, APT 16, SVCMONDR, CVE-2015-2545, Taiwan, Thailand, Tamper Panda, Earth Aughisky, G0015, Roudan, LuckDLL, GrubbyRAT, Taikite, SiyBot, el marcador PdPD para binarios encriptados
Ver en IntelTracker → APTTrail →
SVCMONDR is a state-sponsored threat actor, also known by the aliases APT 16 and G0023, that first emerged in late 2015. The group is assessed with high confidence to be of Chinese origin, evidenced by its alignment with Chinese nation-state activities. SVCMONDR's primary motivation is information theft and espionage, targeting critical infrastructure and governmental organizations. The group is distinguished by its use of sophisticated spear-phishing attacks that exploit vulnerabilities like the EPS dict copy use-after-free vulnerability and the Windows privilege escalation vulnerability CVE-2015-1701. These campaigns typically deploy custom malware such as the IRONHALO downloader and the ELMER backdoor, and the group has been observed compromising legitimate websites to serve as staging servers for its payloads. SVCMONDR's initial operations primarily focused on organizations in Japan, Taiwan, and Thailand within high-tech, government, media, and financial services sectors.

Aliases del actor

G0023APT 16SVCMONDRCVE-2015-2545TaiwanThailandTamper PandaEarth AughiskyG0015RoudanLuckDLLGrubbyRATTaikiteSiyBotel marcador PdPD para binarios encriptados

Actores similares

apt-earthberberokaactor · 1apt-earthhundunactor · 1apt-earthwendigoactor · 1apt-sharppandaactor · 1apt-twistedpandaactor · 1Mustang Pandaapt · 1APT27 (Emissary Panda)actor · 1Putter Pandaapt · 1Stone Pandaapt · 0Vicious Pandaapt · 0
Motivacion