
APT5 Smashes Citrix's Networks
Citrix, Manganese, APT5
APT5 is a sophisticated cyber espionage group that is believed to be based in China and has been active since at least 2007. The group primarily targets high-tech and telecommunications firms across the US, Europe, and Asia, using advanced malware and zero-day exploits to gain unauthorized access to networks and steal sensitive information.
Indicators of Compromise
APT Groups (1)
Pitty Panda | China
Pitty Panda | PittyTiger
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1588.002 | Obtain Capabilities: Tool | PittyTiger has obtained and used tools such as Mimikatz and gsecdump.[1] |
| Enterprise | T1078 | Valid Accounts | PittyTiger attempts to obtain legitimate credentials during operations.[1] |
Observed Countries (11)
BN (760)
ID (506)
KH (326)
LA (453)
MM (784)
MY (450)
PH (355)
SG (632)
TH (655)
US (470)
VN (539)