Elderwood

elderwood · primary source: MITRE · first observed 2009
CN · China · State-sponsored · Moderate confidence

Chinese cyberespionage intrusion set publicly attributed to a Beijing-based group and best known for Operation Aurora, a mid-2009 to January 2010 campaign against Google, Adobe, Juniper Networks, and approximately 30 other technology, defense, and supply-chain firms. Google's January 12, 2010 'A new approach to China' blog post publicly disclosed the intrusion and China's role. The 'Elderwood Project' name was coined by Symantec in 2012 after a shared zero-day-delivery framework, the Elderwood platform, used across multiple simultaneously run supply-chain and watering-hole campaigns against defense manufacturers and NGOs.

Aliases

Beijing Group (Other) · Sneaky Panda (CrowdStrike) · Elderwood Gang (Other)

Motivations

espionage

Target sectors

technology · defense · manufacturing · ngo · energy

Target countries

US · GB · DE · JP · TW

Diamond Model

Caltagirone / Pendergast / Betz 2013 — four-vertex attribution framework.

Adversary
  • Elderwood
  • China
  • espionage
Infrastructure
Victim
  • technology
  • defense
  • manufacturing
  • US
  • GB
  • +1 more

MITRE ATT&CK techniques

Timeline

0 events
No timeline events recorded yet.

Indicators of compromise

0 indicators
No indicators of compromise have been cataloged for this actor yet.

Related actors

shared ATT&CK techniques

References

cite this page

Threat Intel Tracker. (2026-05-19). Elderwood — actor profile. Retrieved from https://threatintel.local/actors/elderwood

no cited activity