APT12
Also known as: Calc Team

Suspected attribution: China

Target sectors: Journalists, government, defense industrial base

Overview: APT12 is believed to be a cyber espionage group thought to have links to the Chinese People's Liberation Army. APT12's targets are consistent with larger People's Republic of China (PRC) goals. Intrusions and campaigns conducted by this group are in-line with PRC goals and self-interest in Taiwan.

Associated malware: RIPTIDE, HIGHTIDE, THREBYTE, WATERSPOUT

Attack vectors: FireEye observed APT12 deliver these exploit documents via phishing emails from valid but compromised accounts. Based on past APT12 activity, we expect the threat group to continue to utilize phishing as a malware delivery method.