APT30

Threat Actor Profile Updated 24 days ago
APT30, a threat actor suspected of being attributed to China, has been active since at least 2005. The group primarily targets members of the Association of Southeast Asian Nations (ASEAN). APT30 is notable for its sustained activity over an extended period and for its ability to adapt and modify source code so as to maintain consistent tools, tactics, and infrastructure. It frequently registers its own DNS domains for malware Command and Control (CnC) activity. Associated malware includes SHIPSHAPE, SPACESHIP, and FLASHFLOOD; the toolset comprises downloaders, backdoors, a central controller, and components designed to infect removable drives and cross air-gapped networks in order to steal data.

The Naikon APT group, which FireEye's reporting aligns with APT30, was itself spear-phished by another actor known as "Hellsing"; however, no exact matches between the two groups have been discovered so far.

The EU Cybersecurity Agency (ENISA) and the Computer Emergency Response Team for the EU institutions, bodies, and agencies (CERT-EU) have issued advisories on Advanced Persistent Threats (APTs), including APT30, highlighting the ongoing threat posed by such actors. Several Chinese hacking groups, including APT27, APT30, APT31, Ke3chang, GALLIUM, and Mustang Panda, have been identified in joint reports focusing on their cyber activities. Despite their varying tactics and targets, these groups collectively underscore the persistent threat originating from China and the need for robust cybersecurity defenses and constant vigilance.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Ke3chang | Unspecified | 2 | Ke3chang, also known as APT15, Mirage, Vixen Panda, GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang
GALLIUM | Unspecified | 2 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas
APT27 | Unspecified | 2 | APT27, also known as Iron Taurus, is a threat actor suspected to be originating from China. The group primarily engages in cyber operations with the goal of intellectual property theft, targeting organizations globally, including those in North and South America, Europe, and the Middle East. APT27 ut
Mustang Panda | Unspecified | 2 | Mustang Panda, also known as Earth Preta, Camaro Dragon, Bronze President, TA416, and Stately Taurus, is a Chinese state-backed advanced persistent threat (APT) group known for its malicious cyber activities. The group has targeted numerous countries across Asia, including Taiwan, Vietnam, India, Ja
APT31 | Unspecified | 2 | APT31, also known as Zirconium, is a threat actor group believed to be sponsored by the Chinese government. This group has been implicated in various cyber espionage activities across the globe. One of their notable exploits includes the cloning and use of an Equation Group exploit, EpMe (CVE-2017-0
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the APT30 threat actor was read from the documents in the corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Advanced Persistent Threats (APTs) | Threat Actors & Groups
Securityaffairs | a year ago | ENISA and CERT-EU warns Chinese APTs targeting EU organizations
MITRE | a year ago | The Naikon APT
CERT-EU | a year ago | EU Organizations Warned of Chinese APT Attacks