Kryptonite Panda

Threat Actor updated 2 months ago (2024-07-09T02:17:38.602Z)

Download STIX

Preview STIX

Kryptonite Panda, also known as APT40, Bronze Mohawk, Periscope, Mudcarp, and GINGHAM TYPHOON among others, is a threat actor believed to be based in Haikou, Hainan Province, People's Republic of China. This threat group has been associated with an array of cyber-espionage operations targeting government organizations, companies, and universities across various industries. Their activities span across multiple geographical regions including the United States, Canada, Europe, the Middle East, and Africa. The cybersecurity industry often assigns multiple names to the same threat actor due to differing naming conventions, which can sometimes lead to confusion. In a recent incident, another threat actor named Blue Hornet managed to compromise Kryptonite Panda along with Lazarus Group, resulting in a significant data leak. This event showcases the complex and dynamic landscape of cyber threats where even malicious actors are not immune to attacks from their counterparts. It also underscores the need for continuous vigilance and robust cybersecurity measures across all entities, irrespective of their nature or intent. Google's Threat Analysis Group (TAG) has linked Kryptonite Panda to a fourth recent WinRAR attack attributed to China-backed IslandDreams through a phishing campaign that targeted users in Papua New Guinea in late August. This connection further solidifies the group's association with state-sponsored cyber activities and highlights their persistent efforts to exploit vulnerabilities for malicious purposes. The advisory detailing these findings is based on current investigations led by the Australian Cyber Security Centre (ACSC) and shared understanding of the People's Republic of China (PRC) state-sponsored cyber group, APT40.

Description last updated: 2024-07-09T02:15:53.171Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
BRONZE MOHAWK	2	Bronze Mohawk is a notable threat actor in the cybersecurity landscape, often associated with state-sponsored cyber activities. It is believed to be part of a larger network of Advanced Persistent Threat (APT) groups, including APT40, also known as Kryptonite Panda, GINGHAM TYPHOON, Leviathan, and o

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Kryptonite Panda Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CISA	2 months ago	People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action \| CISA
CISA	2 months ago	CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40 \| CISA
DARKReading	a year ago	Patch Now: APTs Continue to Pummel WinRAR Bug
CERT-EU	a year ago	The Cyberwar Between the East and the West Goes Through Africa
CERT-EU	a year ago	Cybersecurity threatscape of Asia: 2022–2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting