APT17

APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]

Security researchers found code similarities between the backdoor implanted in CCleaner and earlier APT17 samples, which implies that APT17 is behind the CCBkdr backdoor used in the CCleaner supply chain compromise. [2]

Associated Group Descriptions

| Name | Description |
| --- | --- |
| Deputy Dog | [1] |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | VT0004 .002 | Supply Chain Compromise: Compromise Software Supply Chain | APT17 is suspected to be the APT group behind the supply chain compromise of CCleaner and the distribution of the backdoored version to over 2 million CCleaner users. |

Tools

| ID | Name | References | Techniques |
| --- | --- | --- | --- |
| VS0007 | CCBkdr | APT17 is suspected to be the APT group that inserted the CCBkdr backdoor into CCleaner and distributed it to over 2 million CCleaner users. | Supply Chain Compromise: Compromise Software Supply Chain |

References


ID: VG0010

Associated Groups: Deputy Dog, Axiom

Version: 1.1

Created: 05 May 2021

Last Modified: 05 May 2021