APT30

Threat Actor updated 23 days ago (2024-11-29T14:15:12.277Z)
APT30 is a threat actor suspected of being attributed to China and has been active since at least 2005. The group primarily targets members of the Association of Southeast Asian Nations (ASEAN). APT30 is notable for its sustained activity over an extended period and for its ability to adapt and modify source code so that its tools, tactics, and infrastructure remain consistent. The group frequently registers its own DNS domains for malware command-and-control (CnC) activity. Its associated malware includes SHIPSHAPE, SPACESHIP, and FLASHFLOOD, with attack vectors that include downloaders, backdoors, a central controller, and components designed to infect removable drives and cross air-gapped networks in order to steal data.

The Naikon APT group, which FireEye's reporting aligns with APT30, was spear-phished by another actor known as "Hellsing"; however, no exact matches between these two groups have been discovered yet.

The EU Cybersecurity Agency (ENISA) and the Computer Emergency Response Team for the EU institutions, bodies, and agencies (CERT-EU) have issued advisories on Advanced Persistent Threats (APTs), including APT30, highlighting the ongoing threat posed by such actors. Several Chinese hacking groups, including APT27, APT30, APT31, Ke3chang, GALLIUM, and Mustang Panda, have been identified in joint reports on cyber activities. These groups are known for their malicious activity, further emphasizing the persistent cybersecurity threats originating from China. Despite their varying tactics and targets, these groups collectively underscore the need for robust cybersecurity defenses and constant vigilance against potential threats.
Description last updated: 2024-05-04T20:29:55.531Z
Aliases: We are not currently tracking any aliases.

Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Apt
Associated Threat Actors
Each entry below lists the associated alias, the association type, and the vote count, followed by the description as shown on the page (several descriptions are truncated in the source).

Alias: Ke3chang. Association type: Unspecified. Votes: 2.
The Ke3chang Threat Actor is associated with APT30. Ke3chang, also known as APT15, Mirage, Vixen Panda, GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors.

Alias: GALLIUM. Association type: Unspecified. Votes: 2.
The GALLIUM Threat Actor is associated with APT30. Gallium, also known as Alloy Taurus, is a threat actor group that has been associated with significant cyber-espionage campaigns and is believed to have ties with China. The group has been linked to multiple intrusion sets targeting network devices, including routers and servers. Gallium notably tar

Alias: APT27. Association type: Unspecified. Votes: 2.
The APT27 Threat Actor is associated with APT30. APT27, also known as Emissary Panda or Iron Taurus, is a threat actor suspected to be associated with China and has been involved in cyber operations primarily aimed at intellectual property theft. The group targets organizations globally, including those in North and South America, Europe, and the

Alias: Mustang Panda. Association type: Unspecified. Votes: 2.
The Mustang Panda Threat Actor is associated with APT30. Mustang Panda, a China-aligned Advanced Persistent Threat (APT) group, has been identified as a significant cyber threat actor involved in a series of malicious activities. Notably, Mustang Panda was found to be associated with the BRONZE PRESIDENT phishing lure, which delivered PlugX and used modif

Alias: APT31. Association type: Unspecified. Votes: 2.
The APT31 Threat Actor is associated with APT30. APT31, also known as Zirconium, is a threat actor believed to be linked to the Chinese government. This group has been associated with numerous cyber attacks, including a significant exploit of CVE-2017-0005. This exploit, dubbed "Jian," was initially attributed to APT31 but upon further analysis by
Source Document References
Information about the APT30 Threat Actor was read from the documents corpus below. This display is limited to 20 results.