{
    "type": "bundle",
    "id": "bundle--cba28732-0979-4ae3-a021-0f777cbe1686",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-03-22T05:06:05.468Z",
            "name": "Operation CuckooBees",
            "description": "[Operation CuckooBees](https://attack.mitre.org/campaigns/C0012) was a cyber espionage campaign targeting technology and manufacturing companies in East Asia, Western Europe, and North America since at least 2019. Security researchers noted the goal of [Operation CuckooBees](https://attack.mitre.org/campaigns/C0012), which was still ongoing as of May 2022, was likely the theft of proprietary information, research and development documents, source code, and blueprints for various technologies. Researchers assessed [Operation CuckooBees](https://attack.mitre.org/campaigns/C0012) was conducted by actors affiliated with [Winnti Group](https://attack.mitre.org/groups/G0044), [APT41](https://attack.mitre.org/groups/G0096), and BARIUM.(Citation: Cybereason OperationCuckooBees May 2022)",
            "aliases": [
                "Operation CuckooBees"
            ],
            "first_seen": "2019-12-01T07:00:00.000Z",
            "last_seen": "2022-05-01T06:00:00.000Z",
            "x_mitre_first_seen_citation": "(Citation: Cybereason OperationCuckooBees May 2022)",
            "x_mitre_last_seen_citation": "(Citation: Cybereason OperationCuckooBees May 2022)",
            "x_mitre_deprecated": false,
            "x_mitre_version": "1.1",
            "x_mitre_contributors": [
                "Andrea Serrano Urea, Telef\u00f3nica Tech"
            ],
            "type": "campaign",
            "id": "campaign--93c23946-49af-41f4-ac03-40f9ffc7419b",
            "created": "2022-09-22T20:07:47.208Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/campaigns/C0012",
                    "external_id": "C0012"
                },
                {
                    "source_name": "Cybereason OperationCuckooBees May 2022",
                    "description": "Cybereason Nocturnus. (2022, May 4). Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques. Retrieved September 22, 2022.",
                    "url": "https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_domains": [
                "enterprise-attack"
            ]
        }
    ]
}