Judgment Panda

Threat Actor updated 4 months ago (2024-05-05T04:17:54.808Z)
Judgment Panda, also known as APT31, Zirconium, Violet Typhoon, and Red Keres, is a threat actor believed to be linked to the Chinese state. The group has been active since at least 2016 and has conducted multiple cyber espionage operations. It gained significant attention in 2022 when Check Point Research found that it had used Jian, a tool cloned from the NSA Equation Group's "EpMe" exploit, years before that tool was leaked online by the Shadow Brokers. Based on similarities between recent campaigns and previously researched ones such as ExCone and DexCone, including the use of FourteenHi variants, specific Tactics, Techniques, and Procedures (TTPs), and the scope of the attacks, there is medium to high confidence that Judgment Panda is behind these activities. Notably, the group has been observed using a Python-compiled binary capable of dumping browser credentials, evidence of its technical maturity. More recently, Kaspersky Threat Intelligence has linked the actor to attacks on industrial organizations in Eastern Europe. The group's long history, advanced capabilities, and broad targeting make it a significant threat; continuous monitoring and layered defensive measures are needed to mitigate the risk it poses.
Description last updated: 2024-05-05T03:57:09.360Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| APT31 | 5 | APT31, also known as Zirconium, is a threat actor group linked to the Chinese government that has been implicated in numerous cyber espionage activities. One of their most notable exploits was the cloning of the Equation Group's exploit, EpMe (CVE-2017-0005). This exploit was initially discovered du |
| ZIRCONIUM | 5 | Zirconium, also known as APT31, Judgment Panda, and Red Keres, is a threat actor linked to numerous cyber espionage operations. The group came into the spotlight in 2022 when the Check Point Research team discovered that it had used a tool called "Jian," a clone of the NSA Equation Group's hacking t |
| Violet Typhoon | 2 | Violet Typhoon, also known as APT31, Judgment Panda, and formerly Zirconium, is a threat actor believed to be aligned with the Chinese nation-state. This group, active since at least 2017, is known for executing advanced persistent threats with minimal overlaps with other Beijing-aligned groups such |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Kaspersky
Industrial
Analyst Notes & Discussion
Source Document References
Information about the Judgment Panda threat actor was drawn from the documents listed below (this display is limited to 20 results).
| Source | Created | Title |
|---|---|---|
| BankInfoSecurity | 4 months ago | Suspected Chinese Hackers Hacked UK Defense Contractor |
| BankInfoSecurity | 6 months ago | Alert: Hackers Hit High-Risk Individuals' Personal Accounts |
| Securityaffairs | 6 months ago | US Treasury Dep announced sanctions against members of China-linked APT31 |
| BankInfoSecurity | 6 months ago | UK Discloses Chinese Espionage Activities |
| CERT-EU | 6 months ago | Alert: Info Stealers Target Stored Browser Credentials |
| BankInfoSecurity | 7 months ago | Alert: Info Stealers Target Stored Browser Credentials |
| Securelist | 10 months ago | Kaspersky malware report for Q3 2023 |
| CERT-EU | a year ago | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere |
| InfoSecurity-magazine | a year ago | APT31 Linked to Recent Industrial Attacks in Eastern Europe |
| Securelist | a year ago | Common TTPs of attacks against industrial organizations |
| CERT-EU | a year ago | Common TTPs of attacks against industrial organizations – GIXtools |
| CERT-EU | a year ago | Air-gapped system attacks in Europe linked to Chinese hackers |
| CERT-EU | a year ago | Chinese APT Group Hits Air-Gapped Systems in Europe with Malware |
| CERT-EU | a year ago | APT31 Implants Target Industrial Organizations |
| BankInfoSecurity | a year ago | Chinese Espionage Group Active Across Eastern Europe |