ITG07 is an advanced persistent threat (APT) that has been active since at least 2013, targeting government agencies and organizations in South Korea, Japan, China, Taiwan, Hong Kong, Macau, Singapore, Malaysia, the Philippines, Thailand, Vietnam, Cambodia, Laos, Myanmar, Indonesia, Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Samoa, Cook Islands, and Kiribati. It is believed to be a state-sponsored threat actor from China or North Korea, although the exact affiliation remains unclear. The group has been linked to several high-profile cyber attacks on government agencies in South Korea, including the National Intelligence Service (NIS) and Defense Security Command (DSC). ITG07 is known for its sophisticated tactics, such as using spear phishing emails with malicious attachments or links
Techniques, tactics and practices:
ITG07 is a highly sophisticated threat actor that uses various techniques to compromise its targets. These include spear phishing emails with malicious attachments or links, exploiting vulnerabilities in software and operating systems, using zero-day attacks, and conducting social engineering campaigns to gain access to sensitive information. The group is also known for its use of customized malware, such as the "Gemini" trojan, which can evade detection by antivirus programs. Additionally, ITG07 has been observed using watering hole attacks and targeted email campaigns tailored to specific organizations or individuals. Overall, ITG07 is a highly advanced threat actor with a wide range of techniques at its disposal.