Threat Actor Profile
High APT
Description

Whitefly is a cyber espionage group that has been operating since at least 2017. The group has targeted organizations based mostly in Singapore across a wide variety of sectors, and is primarily interested in stealing large amounts of sensitive information. The group has been linked to an attack against Singapore’s largest public health organization, SingHealth.(Citation: Symantec Whitefly March 2019)

Confidence Score
90%
Known Aliases
Whitefly
Tags
mitre-attack stix-2.1 intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (9)
T1105 - Ingress Tool Transfer
Command and Control
T1003.001 - LSASS Memory
Credential Access
T1027.013 - Encrypted/Encoded File
Defense Evasion
T1036.005 - Match Legitimate Resource Name or Locat…
Defense Evasion
T1059 - Command and Scripting Interpreter
Execution
T1204.002 - Malicious File
Execution
T1574.001 - DLL
Persistence
T1068 - Exploitation for Privilege Escalation
Privilege Escalation
T1588.002 - Tool
Resource Development
Indicators of Compromise

Loading IOCs…

IOC KQL for Sentinel
STIX Data 
{'aliases': ['Whitefly'],
 'created': '2020-05-26T16:55:09.674Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[Whitefly](https://attack.mitre.org/groups/G0107) is a cyber '
                'espionage group that has been operating since at least 2017. '
                'The group has targeted organizations based mostly in '
                'Singapore across a wide variety of sectors, and is primarily '
                'interested in stealing large amounts of sensitive '
                'information. The group has been linked to an attack against '
                'Singapore’s largest public health organization, '
                'SingHealth.(Citation: Symantec Whitefly March 2019)',
 'external_references': [{'external_id': 'G0107',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0107'},
                         {'description': 'Symantec. (2019, March 6). Whitefly: '
                                         'Espionage Group has Singapore in Its '
                                         'Sights. Retrieved May 26, 2020.',
                          'source_name': 'Symantec Whitefly March 2019',
                          'url': 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/whitefly-espionage-singapore'}],
 'id': 'intrusion-set--b74f909f-8e52-4b69-b770-162bf59a1b4e',
 'modified': '2024-04-10T20:43:09.698Z',
 'name': 'Whitefly',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.2'}
Quick Actions
Related TTPs (9)
Ingress Tool Transfer
Command and Control
LSASS Memory
Credential Access
Encrypted/Encoded File
Defense Evasion
Match Legitimate Resource Nam…
Defense Evasion
Command and Scripting Interpr…
Execution
View All 9 TTPs
Back to Threat Actors
Dashboard Home