Campaign · all campaigns
Operation WocaoC0014 state
🇨🇳 CN
aka Operation Wocao
Last updated: 2026-07-03
About this actor
[Operation Wocao](https://attack.mitre.org/campaigns/C0014) was a cyber espionage campaign that targeted organizations around the world, including in Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States. The suspected China-based actors compromised government organizations and managed service providers, as well as aviation, construction, energy, finance, health care, insurance, offshore engineering, software development, and transportation companies.(Citation: FoxIT Wocao December 2019) Security researchers assessed the [Operation Wocao](https://attack.mitre.org/campaigns/C0014) actors used similar TTPs and tools as APT20, suggesting a possible overlap. [Operation Wocao](https://attack.mitre.org/campaigns/C0014) was named after an observed command line entry by one of the threat actors, possibly out of frustration from losing webshell access.(Citation: FoxIT Wocao December 2019)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
T1001T1003T1003.001T1003.006T1005T1007T1012T1016T1016.001T1018T1021T1021.002T1027T1027.005T1027.010T1033T1036T1036.005T1041T1046T1047T1049T1053T1053.005T1055T1056T1056.001T1057T1059T1059.001T1059.003T1059.005T1059.006T1069T1069.001T1070T1070.004T1071T1071.001T1074T1074.001T1078T1078.002T1078.003T1082T1083T1087T1087.002T1090T1090.001T1090.003T1095T1105T1106T1111T1112T1115T1119T1120T1124T1133T1135T1190T1505T1505.003T1518T1518.001T1552T1552.004T1555T1555.005T1558T1558.003T1560T1560.001T1569T1569.002T1570T1571T1573T1573.002T1583T1583.004T1585T1585.002T1587T1587.001T1588T1588.002T1589T1680T1685T1685.005T1686T1686.003
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 59 / 95 | 62% |
CM-6 | 55 / 95 | 58% |
CM-2 | 47 / 95 | 49% |
AC-3 | 41 / 95 | 43% |
SI-3 | 41 / 95 | 43% |
AC-6 | 37 / 95 | 39% |
CA-7 | 37 / 95 | 39% |
CM-7 | 37 / 95 | 39% |
AC-2 | 36 / 95 | 38% |
IA-2 | 27 / 95 | 28% |
AC-5 | 26 / 95 | 27% |
SI-7 | 25 / 95 | 26% |
CM-5 | 24 / 95 | 25% |
SC-7 | 23 / 95 | 24% |
AC-4 | 21 / 95 | 22% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Volt Typhoon 0.44
- Chimera 0.43
- OilRig 0.38
- FIN13 0.37
- Turla 0.36
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- C0017 1.00
- Cutting Edge 1.00
- KV Botnet Activity 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Dream Job 1.00
- Operation Ghost 1.00