Poison Ivy Group: 11 years of cyber espionage campaigns

Poison Ivy Group is known for attacks that focus on stealing data from the Chinese government and scientific research institutions. The attacks mainly target documents.

Distribution map of infected areas in China



Research performed by 360.cn showed that the keywords used for targeting documents are:

“201”,“2014”,“2015年”,“报”,“报告”,“兵”,“部队”,“对台”,“工作”,“规划”,“国”,“国际”,“航”,“合作”,“机”,“机场”,“基地”,“极地”,“军”,“军事”,“科技”,“密”,“内部”,“十”,“十三”,“台”,“台湾”,“铁路”,“无人”,“项”,“雪”,“研”,“运输”,“战”,“站”,“中”