APT18 is a Chinese nation-state-aligned threat group that has been active since approximately 2009. Security researchers generally agree that APT18 is directly supported by, and aligned with, the Chinese People’s Liberation Navy. APT18 has been actively targeting a broad mix of industry sectors, including manufacturing, technology, government, healthcare, defense, telecommunications, and human rights groups. Most of APT18’s malicious activities have focused on organizations in North America, specifically the United States.
APT18 threat actors have been closely associated with espionage and information theft from the targeted entities. Closely associated threat actor groups, or perhaps alternate names for APT18, include Dynamite Panda, Threat Group-0416, Wekby, and Scandium.
APT18 has been very visible in healthcare sector attacks. At one point, APT18 carried out a campaign against Community Health Systems, resulting in a data breach. They have also been involved in medical espionage, finding and exfiltrating patient data from medical device databases. APT18 has exfiltrated PHI (protected health information) from vulnerable health systems. This data exfiltration has included patient information, medical device operational data believed to be used for industrial espionage, and intellectual property, including advanced proprietary designs. The goal was clearly to advance China’s industries at the expense of U.S. industries that have spent billions of dollars on research and development. At one point, data breaches were announced that disclosed the stolen medical data of over 4.5 million patients.
In one APT18 campaign, the threat actors targeted a zero-day vulnerability (CVE-2015-5119) that had been inadvertently leaked. Before a patch was released, APT18 launched phishing campaigns against many industry sectors, including defense, construction, engineering, energy, health, education, biotechnology, aerospace, high technology, non-profit, telecommunications, and transportation.