Cyberwar capabilities of China

The cyberwar capabilities of China have no borders: the country is developed and has the resources to train cyberwar soldiers. The combination of its cyberwar soldiers, ethics, culture and lust for intelligence and intellectual property makes China one of the most active threat actors wandering the political borders of cyberconflict.

In the last decade China's Specialized Military Network Warfare Forces have performed various campaigns.

Some of their advanced persistent threats have been dubbed: APT 16, APT 2, Axiom, Comment Crew, Hidden Lynx, IXESHE, Shell Crew, Wekby and Winnti Group.

Known Advanced Persistent Threats

Anchor Panda
APT 16
APT 2
APT 22
APT 26
APT 4
APT 6
Axiom
BARIUM
Beijing Group
Big Panda
C0d0so
Comment Crew
DragonOK
Electric Panda
Eloquent Panda
Emissary Panda
Foxy Panda
Gibberish Panda
Goblin Panda
Group 27
Hammer Panda
Hidden Lynx
Hurricane Panda
Ice Fog
Impersonating Panda
Iron Group
IXESHE
Karma Panda
Keyhole Panda
LEAD
Lotus Blossom
Lucky Cat
Mana Team
Mirage
Mofang
Naikon
NetTraveler
Night Dragon
Nightshade Panda
Pale Panda
PassCV
Pirate Panda
Pitty Tiger
PLATINUM
Poisonous Panda
Predator Panda
Radio Panda
Sabre Panda
Scarlet Mimic
Shell Crew
Spicy Panda
SPIVY
Stone Panda
Suckfly
SVCMONDR
TA459
TEMP.Periscope
TEMP.Zhenbao
Temper Panda
Test Panda
Thrip
Tick
Tonto Team
Toxic Panda
Union Panda
UPS
Violin Panda
Wekby
Wet Panda
Winnti Group
Wisp Team

In the last decade the Specialized Military Network Warfare Forces have carried out cyber attacks using well-known security tools and a wide range of remote administration tools and trojans. China is on top of its game; the list below shows the varied but limited range of tools, vulnerabilities and exploits that we know they have used.

150 tools, exploits and vulnerabilities

3001 RAT
3102 RAT
9002 RAT
AceHash
Adobe Gh0st
Agent.XST
AIRBREAK
AMT Feature FW evasion
ASPXTool
Backdoor.Boda
Backdoor.Moudoor
Backdoor.Vasport
BACKSPACE
BADFLICK
Beacon
Bergard Trojan
BLACKCOFFEE
BS2005
BUBBLEWRAP
CAKELOG
CANDYCLOG
Carberp RAT
CETTRA
ChChes
China Chopper
China Chopper Webshell
CobaltStrike
Conpee
Cookie Cutter
COOKIECLOG
CVE-2015-1641
CVE-2015-2545
CVE-2017-11882
Dagger Three (C2 software)
Daserf
Datper
Deputy Dog
Derusbi
dnsenum
Elderwood Project
Elise Backdoor
ELMER backdoor
Etso
Etumbot
EvilGrab
FakeM
Firefox
Fscan
Fucobha Backdoor
Gh0st RAT
Gofarer
Grabber
gsecdump
HcdLoader
HDRoot
Hightide
Hikit
HOMEFRY
HTRAN
HTTPBrowser
Hunter
HydraQ
icmp_shell
IEChecker
IsSpace
Joy RAT
jRat
Jynxkit
Kaba
Kitkiot
Kivars
Korplug
LOWBALL
Lstudio
LUNCHMONEY
Mimikatz
Mirage
MobileOrder
MSUpdater
Mswab
MURKYTOP
nbtscan
NetCommander
NETEAGLE
NetTraveler
Nidiran
Paladin RAT
PCrat
PHOTO
Pirpi
PisLoader
PittyTiger
PlugX
Sogu
PoisonIvy
procdump
PsExec
Psylo
Quasar
Rambo Backdoor
RARSTONE
rdp_crk
RedLeaves
Riptide
RoyalCli
Runxx
Sabre
Sakula
Sakurel
Scanbox Framework
ShimRAT
ShimRATReporter
Shotput
ShowNews
SLServer
SportLoader
Sysget
T9000
ThreeByte
TidePool
Timestomper
TokenControl
Torn RAT
Trochilus
Trochilus RAT
Trojan.Hydraq
Trojan.Naid
TXER
UP007
UPPERCUT (aka ANEL)
VBS
Waterspout
wce
WCE
WEBCnC
Webshells
whoami
Winnti
XBash
XSControl
XSLCmd
ZeGhost
ZeroT
ZxShell

Sources used
This page was built using the following resources:

apt.threattracking.com
fireeye.com/current-threats/apt-groups.html
threatminer.org/
apt.securelist.com/#!/threats