Judgment Panda

Threat Actor updated 7 months ago (2024-05-05T04:17:54.808Z)
Judgment Panda, also known as APT31, Zirconium, Violet Typhoon, and Red Keres, is a threat actor believed to be linked to the Chinese nation-state. The group has been active since at least 2016 and has conducted multiple cyber espionage operations. It gained significant attention in 2022 when Check Point Research discovered its use of Jian, a tool cloned from the NSA Equation Group's "EpMe" hacking tool, years before that tool was leaked online by the Shadow Brokers. Based on similarities between recent campaigns and previously researched ones such as ExCone and DexCone, including the use of FourteenHi variants, specific Tactics, Techniques, and Procedures (TTPs), and the scope of the attack, there is medium to high confidence that Judgment Panda is behind these activities. Notably, the group has been observed using a Python-compiled binary capable of dumping browser credentials, which demonstrates its technical sophistication. Recently, Kaspersky Threat Intelligence has linked this threat actor to industrial attacks in Eastern Europe. The group's long history, advanced capabilities, and broad targeting make it a significant threat; continuous monitoring and advanced defensive measures are crucial to mitigate the risk it poses.
Description last updated: 2024-05-05T03:57:09.360Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles that may also be worth reviewing.
Alias | Description | Votes

APT31 (5 votes) is a possible alias for Judgment Panda. APT31, also known as Zirconium, is a threat actor believed to be linked to the Chinese government. This group has been associated with numerous cyber attacks, including a significant exploit of CVE-2017-0005. This exploit, dubbed "Jian," was initially attributed to APT31 but upon further analysis by

ZIRCONIUM (5 votes) is a possible alias for Judgment Panda. Zirconium, also known as APT31, Judgment Panda, and Red Keres, is a threat actor linked to numerous cyber espionage operations. The group came into the spotlight in 2022 when the Check Point Research team discovered that it had used a tool called "Jian," a clone of the NSA Equation Group's hacking t

Violet Typhoon (2 votes) is a possible alias for Judgment Panda. Violet Typhoon, also known as APT31, Judgment Panda, and formerly Zirconium, is a threat actor believed to be aligned with the Chinese nation-state. This group, active since at least 2017, is known for executing advanced persistent threats with minimal overlaps with other Beijing-aligned groups such
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Kaspersky
Industrial