Skip to content

More than 90 attacks uncovered in APT campaign

Trend Micro researchers uncover spread of Luckycat beyond original targets

The Luckycat threat, first documented in 2012 by our friends at Symantec, had a much more diverse target set than previously thought. Not only did the Luckycat perpetrators target military research in India as reported, they expanded the attacks to hit other sensitive entities in Japan, as well as India, including heavily targeted Tibetan activists.

The Luckycat campaign was a sophisticated cyber-espionage campaign that attacked a diverse set of more than 90 targets. The attackers used a variety of methods, some of which have been linked to other cyber-espionage campaigns and even tagged their attacks with campaign codes to measure success.

The attackers behind this campaign maintain a variety of command-and-control infrastructures and leverage anonymity tools to obfuscate their operations.

Targeted industries and communities include:

  • Aerospace
  • Energy
  • Engineering


  • Shipping
  • Military research
  • Tibetan activists

Careful monitoring allowed us to capitalize on some mistakes made by the attackers, and give us a glimpse of their identities and capabilities. We were able to track elements of this campaign to hackers based in China.

Get more insight in our blog post.
See our detailed findings in the white paper Luckycat Redux (PDF).


Understanding attack tools, techniques, and infrastructure, as well as how an individual incident is related to a broader attack campaign, provides the context necessary to assess the impact of an attack and come up with defensive strategies.

Trend Micro customers can be proactive in combatting advanced persistent threats with tools that give you network-wide visibility, actionable threat intelligence, and timely vulnerability protection.

Social Media

Connect with us on