10 Most Famous Hacker APT Groups in the World

APT (Advanced Persistent Threat) hacker groups are organizations that specialize in conducting cyber attacks targeting politics and national security. Let's explore some of the most famous hacker APT groups in the world with Finduid right away.

Hacking groups known as APTs (Advanced Persistent Threats) currently pose threats to the interests of numerous nations. They are believed to be associated with various countries. Below are the 10 most famous hacker APT groups in the world, as listed by FINDUID.

What is APT? Consequences of APT attacks

Cyber APT (Advanced Persistent Threat) groups often have different objectives and tactics, such as stealing information, espionage, sabotaging network systems, or conducting cyber attacks targeting politics, the economy, and national security.

Information about APT groups and their activities is often unclear and subject to change over time. Accurately determining the origin and objectives of these groups can be challenging due to the secretive and complex nature of cyber espionage activities.

10 most famous hacker APT groups in the world

APT29 – Russia

APT29 (also known as Cozy Bear, The Dukes, CozyDuke) is an APT group believed to be linked to the Russian government, particularly the foreign intelligence agency SVR (Sluzhba Vneshney Razvedki). The group has been active since at least 2008 and is known for sophisticated and persistent cyber espionage campaigns.

APT29 primarily targets government, diplomatic, defense, and non-governmental organizations worldwide. They often focus on targets related to national security policies, information technology and communication, and scientific research.

APT29 employs various network attack techniques, including spear-phishing, supply chain attacks, and the use of custom malicious tools. The group has developed and utilized several distinctive tools and malware, including:

  • MiniDuke, CosmicDuke, OnionDuke, CozyDuke: Malware designed to facilitate data theft, screen capture, remote audio recording, and control of target systems by APT29.

  • SeaDaddy, SeaDuke, Hammertoss: Tools enabling APT29 to access and remotely control target systems through a Command and Control (C&C) infrastructure.

  • WellMess, WellMail: Malware used in attacks targeting COVID-19 vaccine research organizations.

APT38 – North Korea 

APT38 (also known as Lazarus Group, Hidden Cobra, Guardians of Peace, DarkSeoul) is an Advanced Persistent Threat (APT) group originating from North Korea. This group primarily focuses on financial cyber attacks, targeting financial institutions, banks, and other financial organizations worldwide.

APT38 employs various sophisticated cyber attack techniques, including spear-phishing, custom malware, and Command & Control (C&C) systems. They have developed and used specific tools and malware, including:

  • BANKSHOT, FASTCash: Malware designed to help APT38 steal financial information, perform fraudulent transactions, and remotely control target systems.

  • RATANKBA, HARDRAIN: Tools that assist APT38 in accessing and controlling target systems remotely through the Command & Control infrastructure.

  • MANUSCRIPT, FALLCHILL: Malware designed to help APT38 steal information and carry out other espionage activities.

APT41 – China

APT41 (also known as Barium, Winnti, Wicked Panda, Wicked Spider) is a distinctive APT group originating from China, notable for combining state-sponsored intelligence activity with cybercrime.

They target government organizations, defense entities, the gaming industry, information technology, pharmaceuticals, and telecommunications globally. APT41's objective is to steal sensitive information, technology secrets, military intelligence, and critical infrastructure details to support China's strategic goals and policies.

APT28 – Russia

APT28 (also known as Fancy Bear, Sofacy, PawnStorm, Sednit, Strontium) is a group believed to be linked to the Russian government, specifically the GRU, Russia's military intelligence directorate. The group has been active since 2008 and is one of the most well-known APT groups globally.

APT28 primarily targets entities related to politics, military, and non-governmental organizations. APT28 employs sophisticated and complex network attack techniques, including spear-phishing, custom malware, 0-day attack methods, and multi-layered Command & Control (C&C) systems. 

They have developed and used various specialized tools and malicious software, including:

  • Sofacy, X-Agent, X-Tunnel: Cross-platform tools assisting APT28 in stealing information, capturing screenshots, remote audio recording, and controlling target systems.

  • Seduploader, Sedreco, JHUHUGIT: Malware facilitating information theft, file uploading/downloading, and remote code execution on target systems.

  • SoursFace, Chopstick: Tools enabling APT28 to monitor and control target systems through the C&C infrastructure.

APT34 – Iran

APT34 (also known as OilRig, Helix Kitten, Cobalt Gypsy) is an Advanced Persistent Threat (APT) group originating from Iran. The group primarily targets government organizations, defense entities, financial institutions, energy sectors, and non-governmental organizations in the Middle East, North America, and Europe.

APT34 employs sophisticated network attack techniques, including spear-phishing, custom malware, and Command & Control (C&C) systems. They have developed and utilized various specialized tools and malicious software, including:

  • BONDUUPDATE, POWRUNER: Malware assisting APT34 in stealing information, capturing screenshots, and controlling target systems.

  • QUADAGENT, RGDoor: Tools enabling APT34 to access and control target systems remotely through the C&C infrastructure.

  • KARKOFF, DNSpionage: Malware aiding APT34 in information theft and conducting other espionage activities.

APT35 – Iran 

APT35 (also known as Charming Kitten, Phosphorus, Ajax Security Team, NewsBeef) is an APT group originating from Iran. The group has been active since at least 2011 and primarily targets government organizations.

APT35 employs various sophisticated network attack techniques, including spear-phishing, custom malware, and Command & Control (C&C) systems. They have developed and utilized several specialized tools and malicious software, including:

  • ClearSky, MacDownloader: Malware assisting APT35 in stealing information, capturing screenshots, and controlling target systems.

  • NetRepser, POISONFROG: Tools helping APT35 to access and control target systems remotely through the C&C infrastructure.

  • TwoFace, DownPaper: Malware aiding APT35 in stealing information and conducting other espionage activities.

APT32 – Vietnam

APT32 is a hacking group originating from Vietnam. The group's objective is to steal sensitive information, political secrets, military intelligence, and information related to critical infrastructure to support Vietnam's strategic goals and policies.

APT32 employs various sophisticated network attack techniques. They have developed and utilized several specialized tools and malicious software, including OceanLotus, SeaLotus, Cobalt Kitty, APT-C-00, and OceanBuffalo. Information about these tools remains classified and undisclosed to the public.

APT33 – Iran

APT33, also known as Elfin, Refined Kitten, and Magnallium, is a hacking group originating from Iran. The group has been active since at least 2013 and primarily targets government organizations, defense, energy, oil and gas, and non-governmental organizations in the Middle East, North America, and Europe.

APT33 employs various sophisticated network attack techniques, including spear-phishing, custom malware, and Command & Control (C&C) systems. They have developed and utilized several specialized tools and malicious software, including:

  • DROPSHOT, TURNEDUP: These malicious software programs assist APT33 in stealing information, capturing screenshots, and controlling the targeted system.

  • StoneDrill, SHAPESHIFT: These tools help APT33 in accessing and remotely controlling the targeted systems through the Command & Control (C&C) system.

  • Nanocore, NJRAT: These malicious software programs aid APT33 in stealing information and carrying out various espionage activities.

APT30 – China

APT30, also known as APT-C-01, is a hacking group associated with the Chinese government. The group has been active since at least 2005 and primarily targets government organizations, defense, foreign affairs, and non-governmental organizations in Southeast Asia and the Indo-Pacific region.

APT30 employs various sophisticated network attack techniques, including spear-phishing, custom malware, and multi-tiered Command & Control (C&C) systems. They have developed and utilized several specialized tools and malicious software, including:

  • NetEagle, Backspace: These malicious software programs aid APT30 in stealing information, capturing screenshots, remote audio recording, and controlling the targeted system.

  • Flashflood, Lecna: These tools help APT30 in accessing and remotely controlling the targeted systems through the Command & Control (C&C) system.

  • Spaceship, Flashlight: These malicious software programs assist APT30 in stealing information and uploading/downloading files on the targeted system.

APT40 – China

APT40 (also known as Periscope, TEMP.Periscope, TEMP.Jumper, Leviathan) is an Advanced Persistent Threat group originating from China. This group targets government organizations, defense, the navy, the maritime industry, and information technology, especially in Southeast Asia and the United States.

APT40's objective is to steal sensitive information and secrets related to maritime strategy, national security, and new technologies. APT40 employs various sophisticated network attack techniques, including spear-phishing, custom malware, and Command & Control (C&C) systems.

This article from FINDUID has introduced the 10 most famous hacker APT groups in the world. Stay tuned for more interesting information by following us.