APT3
State-backed: China
Associated Groups: Gothic Panda, Pirpi, UPS Team, Buckeye, Threat Group-0110, TG-0110
Estimated time of origin:
Target sectors: Aerospace and Defense, Construction and Engineering, High Tech, Telecommunications, Transportation
Strategy: Phishing campaigns exploiting Adobe Flash (CVE-2015-3113 and CVE-2015-5119); the exploits bypass Address Space Layout Randomization (ASLR) and use Return-Oriented Programming (ROP) to bypass Data Execution Prevention (DEP).
Malware:
Noteworthy:
- Shifted attacks to Hong Kong.
- Uses 0-day vulnerabilities that bypass ASLR and DEP.
- CVE-2015-5119 was leaked in the Hacking Team data breach and was then used by APT3 and APT18.
References:
- Symantec: Buckeye cyberespionage group shifts gaze from US to Hong Kong
- MITRE ATT&CK
- FireEye: New Zero-Day Exploit targeting Internet Explorer