TA410

Medium Confidence • Medium Threat

LookingFrog • FlowingFrog • JollyFrog

TA410 is a Chinese-linked cyber espionage group that has been active since at least 2018, primarily targeting U.S. utilities and government organizations. The group is known for using the FlowCloud and LookBack malware families. TA410 demonstrates sophisticated capabilities including custom tool development and careful operational security. Their targeting of critical infrastructure, particularly the energy sector, suggests alignment with Chinese strategic intelligence priorities.

Origin: China
Sponsor: MSS (Ministry of State Security)
Active: 2018 - Present
Victims: 50+ organizations

Advanced • Active • Espionage

Risk Assessment

Composite Risk Score: 66 (Medium Risk)
ARCS Compliance: 68
Escalation Risk: 65
Grievance Index: 62
Infrastructure Impact: 70

Targeting

Target Sectors

Utilities • Government • Diplomatic • Manufacturing

Target Regions

United States • Europe • Middle East

Attribution & Affiliations

Attributed to MSS (Ministry of State Security) (China). Attribution confidence: Medium.

Intelligence Assessment

Threat Level: Medium
Targeting: Moderately
Adaptability: Moderately
Persistence: Medium
Op Tempo: Continuous
Status: Active

Future Outlook

TA410 is expected to continue operations targeting the utilities sector.

Timeline of Key Events

2018 (Major): First observed activity of TA410
2024 (Moderate): Continued active operations