G0098 · 14 ATT&CK techniques · 0 correlated reports

BlackTech

Aliases: Palmerworm

BlackTech is a suspected Chinese cyber espionage group that has primarily targeted organizations in East Asia--particularly Taiwan, Japan, and Hong Kong--and the US since at least 2013. BlackTech has used a combination of custom malware, dual-use tools, and living off the land tactics to compromise media, construction, engineering, electronics, and financial company networks.

Open interactive actor investigation

ATT&CK techniques

T1566.002
Spearphishing Link T1204.001
Malicious Link T1588.003
Code Signing Certificates T1046
Network Service Discovery T1588.002
Tool T1190
Exploit Public-Facing Application T1021.004
SSH T1106
Native API T1203
Exploitation for Client Execution T1566.001
Spearphishing Attachment T1036.002
Right-to-Left Override T1574.002
DLL Side-Loading T1204.002
Malicious File T1588.004
Digital Certificates

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research