Aquatic Panda

Threat Actor Profile Updated 13 days ago
Aquatic Panda, also known as Budworm, Charcoal Typhoon, ControlX, RedHotel, and Bronze University, is a significant threat actor suspected of state-backed cyber espionage activities. This group has been particularly active in the recent quarter, ranking among the top geopolitical groups targeting users of the Netskope Security Cloud platform. Additionally, evidence of suspected Log4j exploits was found in their possession, indicating the use of sophisticated attack techniques. Aquatic Panda is associated with China, alongside another threat actor known as Maverick Panda.

Notably, Aquatic Panda has been observed leveraging advanced capabilities provided by OpenAI, including open-source research, identifying potential targets, code creation and resolution of coding errors, vulnerability research, and translation of foreign technical papers. This indicates a high level of sophistication and adaptability, suggesting that the group is well-resourced and poses a significant cybersecurity threat. The group's activities align with those of other major threat actors such as APT 28 (Russia), Kimsuky (North Korea), and Imperial Kitten (Iran), each utilizing advanced AI capabilities to enhance their operations.

The activities of Aquatic Panda have raised concerns within the cybersecurity industry. Adam Meyers, head of counter adversary operations at CrowdStrike, specifically identified the group as a primary source of concern. However, it should be noted that Aquatic Panda is not the only threat actor exploiting ransomware; other active criminal adversary groups such as TA505 and FIN7 are also heavily reliant on ransomware, creating additional challenges for cybersecurity defenses worldwide.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Aquatic Panda Threat Actor was read from the documents corpus below.
Source (Created At): Title
CERT-EU (5 months ago): CyberTalk with Ray Canzanese
CERT-EU (3 months ago): Global AI Developers Need to Set Some Standards – Now
DARKReading (3 months ago): iSoon's Secret APT Status Exposes China's Foreign Hacking Machination
MITRE (a year ago): AQUATIC PANDA in Possession of Log4Shell Exploit Tools | CrowdStrike
CERT-EU (3 months ago): iSoon's Secret APT Status Exposes China's Foreign Hacking Machination | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (7 months ago): Criminal groups focus on Australia and US
BankInfoSecurity (3 months ago): OpenAI and Microsoft Terminate State-Backed Hacker Accounts
DARKReading (3 months ago): Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks
CERT-EU (7 months ago): Netskope Threat Labs report says highest percentage of cybercrime activity originates in Russia