变脸, Teng Snake (a.k.a. Code Core)

Date 2022. 07. 07

Executive Summary

The “Teng Snake” team has created Telegram channels and group chats from October 2021. At the time, the team consisted of 4 core members and 7 sub-teams, and systematically operated channels and group chats. They claimed that they were APT-C-61, promoted provocatively, operated study teams, and recruited team members.

  • (2022–02–10) Claimed to be APT-C-61 and started full-fledged activities.
  • (2022–03–19) Shared the information about a Korean website vulnerability and a list of 97 websites that may have the same vulnerability in one of the Teng Snake-managed group chats.
  • (2022–04–07) Started selling PII(Personal Identifiable Information) and chemicals, and receiving hacking requests.
  • (2022–05–02) A user named uteus, who claimed to be White Dawn team, uploaded a post on an underground forum titled “South Korean health department invades” that was selling AD server privileges from an association.

— The same post was uploaded to the newly opened Code Core Telegram channel on May 6 and Soaring Snake Twitter account on May 7 and 13.

☑️ Click here to learn more