Circuit Panda, also known as BlackTech, HUAPI, Manga Taurus, Palmerworm, Red Djinn, and Temp.Overboard, is a significant threat actor that has operated against targets in East Asia, particularly Taiwan, Japan, and Hong Kong, since at least 2007. This group is part of a constellation of advanced persistent threat (APT) groups that have used the infrastructure of certain service providers for their operations over the years. These APT groups are often state-sponsored and tied to governments known for supporting or conducting cyberattacks and espionage, such as Iran, China, Russia, and North Korea. In China's case, APT10 and Circuit Panda are two notable groups.
Halcyon found that the infrastructure of Cloudzy, a service provider, has been used by at least 17 state-sponsored APT groups over the past several years. These include Elfin from Iran, Nobelium from Russia, BlueNoroff from North Korea, and notably, APT10 and Circuit Panda from China. That these groups operate from service providers' infrastructure indicates a sophisticated level of operation: they leverage existing systems to execute their malicious activities.
Recently, U.S. and Japanese cybersecurity agencies published a detailed advisory on an advanced attack centered on the activities of the BlackTech group, also known as T-APT-03, Circuit Panda, and Palmerworm. This advisory serves as a stark reminder of the ongoing threats posed by these groups. Their activities continue to evolve, requiring constant vigilance and robust cybersecurity measures to mitigate the risks they pose.
Description last updated: 2023-11-29T08:26:08.697Z