Description
[BlackTech](https://attack.mitre.org/groups/G0098) is a suspected Chinese cyber espionage group that has primarily targeted organizations in East Asia (particularly Taiwan, Japan, and Hong Kong) and the US since at least 2013. [BlackTech](https://attack.mitre.org/groups/G0098) has used a combination of custom malware, dual-use tools, and living-off-the-land tactics to compromise media, construction, engineering, electronics, and financial company networks. (Citation: TrendMicro BlackTech June 2017) (Citation: Symantec Palmerworm Sep 2020) (Citation: Reuters Taiwan BlackTech August 2020)
Techniques Used (TTPs)
- T1566.002 — Spearphishing Link (initial-access)
- T1204.001 — Malicious Link (execution)
- T1588.003 — Code Signing Certificates (resource-development)
- T1046 — Network Service Discovery (discovery)
- T1588.002 — Tool (resource-development)
- T1190 — Exploit Public-Facing Application (initial-access)
- T1021.004 — SSH (lateral-movement)
- T1106 — Native API (execution)
- T1203 — Exploitation for Client Execution (execution)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1036.002 — Right-to-Left Override (defense-evasion)
- T1574.001 — DLL (persistence, privilege-escalation, defense-evasion)
- T1204.002 — Malicious File (execution)
- T1588.004 — Digital Certificates (resource-development)
Total TTPs: 14
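Of the techniques listed above, T1036.002 (Right-to-Left Override) is the one that admits a small, high-precision check: a filename that contains U+202E is almost never legitimate in an e-mail attachment, and the character's only purpose there is to make an executable render as a document. The following script is an added example for this page, not code from MITRE ATT&CK or from the reports cited above. The sample filenames, the executable-extension list, and the `displayed_name()` rendering (a deliberate simplification of the Unicode bidirectional algorithm) are all assumptions made for illustration.

```python
"""
Right-to-Left Override (T1036.002) filename check.

Added example for this page; it is not code from MITRE ATT&CK or from the
cited BlackTech reports, and the sample filenames are constructed. It models
how a bidi-aware file browser renders a name containing U+202E and compares
that rendering with the extension the OS will actually execute.
"""

# Unicode bidirectional control characters. U+202E (RLO) is the one abused
# for T1036.002; the others are listed so a scanner can report any of them.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI",
}

# Extensions that execute code when double-clicked on Windows (assumed list,
# not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".msi", ".hta", ".lnk"}

# Constructed sample directory listing: one benign name, two RLO-disguised
# executables, and one benign name that uses an RLE embedding.
SAMPLE_FILENAMES = [
    "quarterly_report.pdf",
    "invoice\u202ecod.exe",
    "photo\u202egnp.scr",
    "notes\u202b2024\u202c.txt",
]


def true_extension(name: str) -> str:
    """Extension the OS uses: text after the last '.' once controls are removed."""
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    idx = stripped.rfind(".")
    return stripped[idx:].lower() if idx != -1 else ""


def displayed_name(name: str) -> str:
    """
    Approximate what a bidi-aware renderer shows. Simplification of UAX #9:
    the run after an RLO (U+202E) is displayed reversed until a PDF (U+202C)
    or end of string; all other control characters are invisible.
    """
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j, run = i + 1, []
            while j < len(name) and name[j] != "\u202c":
                if name[j] not in BIDI_CONTROLS:
                    run.append(name[j])
                j += 1
            out.extend(reversed(run))
            i = j + 1          # skip the terminating PDF if there was one
            continue
        if ch not in BIDI_CONTROLS:
            out.append(ch)
        i += 1
    return "".join(out)


def check_filename(name: str) -> dict:
    """Flag names whose rendered extension differs from the real one, or whose
    real extension is executable while a bidi control is present."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    real_ext = true_extension(name)
    shown = displayed_name(name)
    shown_ext = shown[shown.rfind("."):].lower() if "." in shown else ""
    suspicious = bool(controls) and (real_ext in EXECUTABLE_EXTS or shown_ext != real_ext)
    return {
        "name": name,
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "displayed": shown,
        "true_ext": real_ext,
        "displayed_ext": shown_ext,
        "bidi_controls": controls,
        "suspicious": suspicious,
    }


def scan(names) -> list:
    """Return the check results for every suspicious name, in input order."""
    return [r for r in (check_filename(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    for hit in scan(SAMPLE_FILENAMES):
        print(f"{hit['escaped']}: shown as {hit['displayed']!r}, "
              f"really {hit['true_ext']} ({[c for _, c in hit['bidi_controls']]})")
```

To run it against a real mailbox quarantine or a dropped-file directory, pass `os.listdir(path)` to `scan()` instead of `SAMPLE_FILENAMES`. The benign RLE-embedded name is deliberately not flagged, so the rule keys on the mismatch between rendered and real extension rather than on the mere presence of a bidi control; if the environment never handles right-to-left scripts, tightening it to "any bidi control at all" is a reasonable choice.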