TIARAS - The White Company

Threat Actor Profile

High APT

Description

The White Company is a likely state-sponsored threat actor with advanced capabilities. From 2017 through 2018, the group led an espionage campaign called Operation Shaheen targeting government and military organizations in Pakistan.(Citation: Cylance Shaheen Nov 2018)

Confidence Score

90%

Known Aliases

The White Company

First Seen

Unknown

Last Updated

Unknown

Active Status

Active

Created

April 29, 2026

MITRE ATT&CK Techniques (7)

T1027.002 - Software Packing

Defense Evasion

T1070.004 - File Deletion

Defense Evasion

T1124 - System Time Discovery

Discovery

T1518.001 - Security Software Discovery

Discovery

T1203 - Exploitation for Client Execution

Execution

T1204.002 - Malicious File

Execution

T1566.001 - Spearphishing Attachment

Initial Access

Indicators of Compromise

Loading IOCs…

STIX Data

{'aliases': ['The White Company'],
 'created': '2019-05-02T00:08:18.314Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[The White Company](https://attack.mitre.org/groups/G0089) is '
                'a likely state-sponsored threat actor with advanced '
                'capabilities. From 2017 through 2018, the group led an '
                'espionage campaign called Operation Shaheen targeting '
                'government and military organizations in Pakistan.(Citation: '
                'Cylance Shaheen Nov 2018)',
 'external_references': [{'external_id': 'G0089',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0089'},
                         {'description': 'Livelli, K, et al. (2018, November '
                                         '12). Operation Shaheen. Retrieved '
                                         'May 1, 2019.',
                          'source_name': 'Cylance Shaheen Nov 2018',
                          'url': 'https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066572390.1555511517'}],
 'id': 'intrusion-set--6688d679-ccdb-4f12-abf6-c7545dd767a4',
 'modified': '2025-04-25T14:49:32.865Z',
 'name': 'The White Company',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.1'}

Quick Actions

Related TTPs (7)

Software Packing
Defense Evasion

File Deletion
Defense Evasion

System Time Discovery
Discovery

Security Software Discovery
Discovery

Exploitation for Client Execu…
Execution

View All 7 TTPs

Back to Threat Actors

Dashboard Home