APT16 is a threat actor attributed to CN, also known as G0023, SVCMONDR. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does APT16 exploit?

Specific CVE exploitation data for APT16 is being tracked. Check the Strobes VI threat actor profile for updates.

APT16

Also known as: G0023, SVCMONDR

Exploited CVEs

Overview

Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries. Each campaign delivered a malicious Microsoft Word document exploiting the aforementioned EPS dict copy use-after-free vulnerability, and the local Windows privilege escalation vulnerability CVE-2015-1701. The successful exploitation of both vulnerabilities led to the delivery of either a downloader that we refer to as IRONHALO, or a backdoor that we refer to as ELMER.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database