Operation CuckooBees C0012 unknown
aka Operation CuckooBees
Last updated: 2026-07-03
About this actor
[Operation CuckooBees](https://attack.mitre.org/campaigns/C0012) was a cyber espionage campaign targeting technology and manufacturing companies in East Asia, Western Europe, and North America since at least 2019. Security researchers noted the goal of [Operation CuckooBees](https://attack.mitre.org/campaigns/C0012), which was still ongoing as of May 2022, was likely the theft of proprietary information, research and development documents, source code, and blueprints for various technologies. Researchers assessed [Operation CuckooBees](https://attack.mitre.org/campaigns/C0012) was conducted by actors affiliated with [Winnti Group](https://attack.mitre.org/groups/G0044), [APT41](https://attack.mitre.org/groups/G0096), and BARIUM. (Citation: Cybereason OperationCuckooBees May 2022)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |

T1003, T1003.002, T1005, T1007, T1016, T1018, T1027, T1027.010, T1027.011, T1033, T1036, T1036.005, T1049, T1053, T1053.005, T1057, T1059, T1059.003, T1059.005, T1069, T1069.001, T1071, T1071.001, T1078, T1078.002, T1082, T1083, T1087, T1087.001, T1087.002, T1120, T1124, T1133, T1135, T1190, T1201, T1505, T1505.003, T1543, T1543.003, T1547, T1547.006, T1560, T1560.001, T1574, T1574.001, T1588, T1588.002
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 32 / 48 | 67% |
| CM-6 | 28 / 48 | 58% |
| CM-2 | 22 / 48 | 46% |
| CM-7 | 22 / 48 | 46% |
| AC-3 | 21 / 48 | 44% |
| AC-2 | 20 / 48 | 42% |
| AC-6 | 20 / 48 | 42% |
| SI-3 | 20 / 48 | 42% |
| RA-5 | 15 / 48 | 31% |
| AC-5 | 14 / 48 | 29% |
| IA-2 | 14 / 48 | 29% |
| SI-7 | 14 / 48 | 29% |
| CA-7 | 13 / 48 | 27% |
| CM-5 | 13 / 48 | 27% |
| SI-10 | 10 / 48 | 21% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Ke3chang 0.41
- Chimera 0.37
- Operation Wocao 0.36
- FIN13 0.35
- GALLIUM 0.35