ZINC EMERSON

CTU researchers assess with moderate confidence that ZINC EMERSON is a targeted threat group that operates on behalf of India. It has been observed to primarily target military and intelligence targets in Pakistan, China and elsewhere, although third party reporting, supported by limited CTU observations, suggests that the group also conducts economic espionage on occasion.

The group or its activities have been variously reported as ModifiedElephant, Donot, APT-C-35, SectorE02, Operation Hangover, Patchwork, Monsoon, and Confucius. Its toolkit is varied and cross-platform, drawing on customized tools, extensive use of malicious scripts, and openly available post-exploitation tools. The use of weaponized documents delivered via spearphishing campaigns is prevalent.

ZINC EMERSON has demonstrated a relatively narrow focus. Organizations working in a way deemed contrary to India's national strategic objectives, or working in areas that are likely to be a focus of intelligence collection by the Indian government, are potential targets of ZINC EMERSON.