Description
[Elderwood](https://attack.mitre.org/groups/G0066) is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora. (Citation: Security Affairs Elderwood Sept 2012) The group has targeted defense organizations, supply chain manufacturers, human rights and nongovernmental organizations (NGOs), and IT service providers. (Citation: Symantec Elderwood Sept 2012) (Citation: CSM Elderwood Sept 2012)
Techniques Used (TTPs)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1204.002 — Malicious File (execution)
- T1566.002 — Spearphishing Link (initial-access)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1204.001 — Malicious Link (execution)
- T1189 — Drive-by Compromise (initial-access)
- T1203 — Exploitation for Client Execution (execution)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1027.002 — Software Packing (defense-evasion)
Total TTPs: 9