APT 018

Also known as: Wekby, Dynamite Panda

Suspected attribution: China

Target sectors: Aerospace and Defense, Construction and Engineering, Education, Health and Biotechnology, High Tech, Telecommunications, Transportation

Overview: Very little has been released publicly about this group.

Associated malware: Gh0st RAT

Attack vectors: Frequently developed or adapted zero-day exploits for operations, which were likely planned in advance. Used data from Hacking Team leak, which demonstrated how the group can shift resources (i.e. selecting targets, preparing infrastructure, crafting messages, updating tools) to take advantage of unexpected opportunities like newly exposed exploits.

Threatpost: „Community Health Systems said the data lost in the breach included non-medical patient identification data related to its physician practice operations. The 4.5 million victims were patients who were referred to or received services from physicians tied to Community Health Systems, the company said in its SEC filing. No credit card, medical or clinical information was lost, the company said, adding that the data is considered protected under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires breach victims to notify affected patients; it said it carries cyber and privacy liability insurance protecting it from losses.“