Mustang Panda

Threat Actor Profile Updated a month ago
Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor associated with widespread attacks against countries in the Asia-Pacific region. The group's malicious activity was first traced back to March 2022, when it deployed the "Nupakage" data exfiltration tool on a victim government's network. Over the past two years, Mustang Panda has expanded its targeting beyond the Asia-Pacific region to the United States and Europe. The group has been involved in several notable cyber operations, including Case 4, in which components from two other Advanced Persistent Threat (APT) groups, LuminousMoth and themselves, were sideloaded into the same directory as files from the original threat actor. It has also been linked to Operation Exorcist, which targeted the Catholic Church, and to Operation Iron Tiger, tied to APT27 (Iron Taurus). Its tactics include phishing lures, such as those associated with BRONZE PRESIDENT delivering PlugX, and the modification of DLL files for malicious installations. In August 2023, ESET Research recorded Mustang Panda using Nim in its toolset for the first time, in a campaign against a governmental organization in Slovakia; this marked a significant evolution in its capabilities. Mustang Panda's infrastructure also overlaps with that of other China-aligned APT groups, including Iron Taurus (aka APT27), Starchy Taurus (aka Winnti), and the newly introduced CeranaKeeper. This shared operational infrastructure suggests a high degree of collaboration among these actors and reinforces the persistent and evolving nature of the threat posed by Mustang Panda and its associates.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID / Votes / Profile Description
Camaro Dragon
6
Camaro Dragon, a Chinese state-sponsored threat actor, has been identified as the source of several cyber attacks on European foreign affairs entities. Checkpoint Research has discovered and analyzed a custom firmware image affiliated with Camaro Dragon, which contained multiple malicious components
RedDelta
5
RedDelta, also known as Bronze President, is a threat actor that has been conducting cyber-espionage attacks since 2014. It is one of the likely Ministry of State Security (MSS)-linked groups which include APT10, APT17, APT27, APT40, APT41, TAG-22, and RedBravo among others. The organization's activ
Stately Taurus
5
Stately Taurus, also known as Mustang Panda, Bronze President, Red Delta, LuminousMoth, Earth Preta, and Camaro Dragon, is a potent malware linked to Chinese Advanced Persistent Threat (APT) activities. The first signs of its operation date back to at least 2012, with notable activity traced to Marc
LuminousMoth
4
LuminousMoth is a threat actor with ties to HoneyMyte, as evidenced by their similar targeting and Tactics, Techniques, and Procedures (TTPs). These include the use of DLL side-loading, Cobalt Strike loaders, and Chrome cookie stealers. The malware's operation begins with the execution of "explorer.
BRONZE PRESIDENT
4
Bronze President, a Chinese-state-sponsored APT group also known as Mustang Panda, has been identified as a significant threat actor in data theft campaigns. The group has deployed a variety of remote access tools, including Cobalt Strike and RCSession, to steal data from targeted organizations. Bro
Honeymyte
3
HoneyMyte, also known as Mustang Panda, is a notable threat actor in the cybersecurity landscape. This group has been linked to various malicious activities, including the use of DLL side-loading and Cobalt Strike loaders, similar to the tactics, techniques, and procedures (TTPs) employed by another
Taurus
2
Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal
APT41
2
APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4
BlackTech
2
BlackTech is a threat actor, or a group responsible for carrying out malicious cyber activities. Known for its links to China, BlackTech focuses on gathering intelligence from technology and government organizations, predominantly in the Asia-Pacific region. This group has shown a high degree of sop
Earth Preta
2
Earth Preta, also known as Mustang Panda, Bronze President, TA416, RedDelta, and Stately Taurus, is a prominent threat actor group that has been operational since at least 2012. The group has been highly active in Europe and Asia, employing a variety of tools and malware for their malicious activiti
TA416
2
TA416 is an advanced persistent threat (APT) group that targets organizations globally with customized versions of the PlugX malware. TA416 has used a distinct installation method of a PE dropper to retrieve Trident loaded payload components using a legitimate PE and a DLL loader file to load a Plug
Luminous Moth
1
None
Red Delta
1
Red Delta is a threat actor, a term used in cybersecurity to describe an entity that executes actions with malicious intent. This could be an individual, a private company, or a government organization. Red Delta has been identified as being involved in a series of cyber threats and attacks. In a hi
Evasive Panda
1
Evasive Panda, a threat actor group also known as Bronze Highland and Daggerfly, has been identified as a significant cybersecurity threat. This group, believed to be aligned with China, has been deploying custom implants such as MgBot, Nightdoor, and a macOS downloader component, using these tools
TheWizards
1
TheWizards is a threat actor, potentially China-aligned, known for conducting adversary-in-the-middle attacks. The group exhibits capabilities similar to other known China-aligned threat actors such as Evasive Panda and Mustang Panda (also known as Camaro Dragon), who have been observed deploying ma
Tick
1
Tick is a threat actor, also known as BRONZE BUTLER, that likely originates from the People's Republic of China. Secureworks® incident responders and Counter Threat Unit™ (CTU) researchers have been investigating activities associated with this group. Tick has deployed various tools and malware fami
Ta428
1
TA428 is a sophisticated malware toolkit associated with several cyber threat groups, including Bronze Union (also known as LuckyMouse or APT27) and BackdoorDiplomacy. The TA428 toolkit includes various malicious software like Albaniiutas (RemShell), which is specifically mentioned in an ESET report
Naikon
1
Naikon is a threat actor, or group, known for its execution of actions with malicious intent. It is associated with various Advanced Persistent Threat (APT) groups originating from China, such as Growing Taurus and Parched Taurus, also known as Goblin Panda. Naikon has been linked to PLA Unit 78020/
Tropic Trooper
1
Tropic Trooper, a threat actor with suspected ties to China, has been identified as a significant cybersecurity concern. Their activities date back to at least 2013, when Trend Micro noted similarities in the encoding algorithms used by Tropic Trooper's malware and the KeyBoy versions from that year
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Backdoor
Espionage
Phishing
Implant
State Sponso...
Eset
Government
Chinese
Loader
Rat
Windows
Decoy
China
Payload
Trojan
Exploit
Worm
Malware Drop...
Resecurity
Asian
Tp
Malware Loader
Dropper
Firmware
Github
t1583.004
t1587.001
Eu
Proofpoint
Spearphishing
Asia
Web Shell
Cobalt Strike
Golang
Html
Reconnaissance
Confluence
t1574.002
Enisa
Associated Malware
ID / Type / Votes / Profile Description
PlugX (Type: Unspecified)
5
PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It
Korplug (Type: Unspecified)
2
Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in
Doplugs (Type: Unspecified)
2
DOPLUGS is a variant of the PlugX malware, developed and deployed by the China-linked Advanced Persistent Threat (APT) group Mustang Panda. Active since 2022, this unique malware has been used in targeted campaigns against various Asian countries including Taiwan, Vietnam, India, Japan, and China. U
Iron Taurus (Type: Unspecified)
2
Iron Taurus, also known as APT27, is a malware that has been linked to various cyber-espionage activities. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operatio
Clop (Type: Unspecified)
1
Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o
win32/korplug.th (Type: Unspecified)
1
None
win32/korplug.ub (Type: Unspecified)
1
Win32/Korplug.UB is a type of malware known to be associated with the cyber threat group, Mustang Panda. This malicious software is designed to exploit and damage computer systems, often infiltrating without the user's knowledge through suspicious downloads, emails, or websites. Once inside, it has
win32/agent.admw (Type: Unspecified)
1
None
Hodur (Type: Unspecified)
1
Hodur is a sophisticated malware variant of Korplug (also known as PlugX), often deployed by China-aligned threat actors, such as the Mustang Panda group. The malware is designed to exploit and damage computer systems, typically infiltrating through suspicious downloads, emails, or websites. Once in
Dinodasrat (Type: Unspecified)
1
DinodasRAT is a multi-platform backdoor malware written in C++ that has been identified as posing significant threats to users globally. Its Linux variant, in particular, has been singled out for its ability to target Red Hat-based distributions and Ubuntu Linux, making it a potent threat to a wide
RCSession (Type: Unspecified)
1
RCSession is a basic Remote Access Trojan (RAT) malware, installed via DLL side-loading and primarily used by the threat group known as BRONZE PRESIDENT. The malware was first described by Dell Secureworks in a blog published in December 2019, where it was identified as a part of the Type 2 malware
Lucky Mouse (Type: Unspecified)
1
Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a malicious software (malware) attributed to a China-linked Advanced Persistent Threat (APT) group. This malware has been active since at least 2013, targeting various industry verticals fo
Sogu (Type: Unspecified)
1
SOGU is a malicious software (malware) attributed to TEMP.Hex, a threat actor linked to China. The malware is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations
Gelsemium (Type: Unspecified)
1
Gelsemium is a sophisticated malware associated with Advanced Persistent Threat (APT) activities. It is known for its stealthy operations and the use of server-side exploits to deploy a web shell and multiple custom tools on targeted systems. The malware has been used in cyber-attacks against variou
ShadowPad (Type: Unspecified)
1
ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in
Granite Typhoon (Type: Unspecified)
1
Granite Typhoon is a notable malware that has been implicated in several cyber-attacks on various organizations and entities. The malware, which operates by infiltrating systems through suspicious downloads, emails, or websites, has been linked to attacks on telecommunications firms in 2023, an oper
Associated Threat Actors
ID / Type / Votes / Profile Description
Ke3chang (Type: Unspecified)
4
Ke3chang, also known as APT15, Mirage, Vixen Panda GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang
APT27 (Type: Unspecified)
4
APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario
Winnti (Type: Unspecified)
3
Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar
APT31 (Type: Unspecified)
2
APT31, also known as Zirconium, is a threat actor group believed to be sponsored by the Chinese government. This group has been implicated in various cyber espionage activities across the globe. One of their notable exploits includes the cloning and use of an Equation Group exploit, EpMe (CVE-2017-0
APT30 (Type: Unspecified)
2
APT30, a threat actor suspected to be attributed to China, has been active since at least 2005. This group primarily targets members of the Association of Southeast Asian Nations (ASEAN). APT30 is notable for its sustained activity over an extended period and its ability to adapt and modify source c
GALLIUM (Type: Unspecified)
2
Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas
Volt Typhoon (Type: Unspecified)
1
Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra
BRONZE UNION (Type: Unspecified)
1
Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific
Night Dragon (Type: Unspecified)
1
Night Dragon is a recognized threat actor, a term used in cybersecurity to denote an individual or group that carries out malicious activities. These entities can range from single individuals to large organizations or even government bodies. Night Dragon has been associated with several significant
APT10 (Type: Unspecified)
1
APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted
Dark Pink (Type: Unspecified)
1
Dark Pink, also known as Saaiwc Group, is a Chinese-aligned cyberespionage entity that has been particularly active since mid-2022. The threat actor has conducted spearphishing campaigns against government, military, and non-profit organizations in Southeast Asia and parts of Europe, using sophistic
Iron Tiger (Type: Unspecified)
1
Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att
Goblin Panda (Type: Unspecified)
1
Goblin Panda is a recognized threat actor, known for its malicious activities in the cyber world. Various research organizations have indicated that several Chinese Advanced Persistent Threat (APT) groups such as Growing Taurus (aka Naikon) and Parched Taurus (aka Goblin Panda) have leveraged this t
Associated Vulnerabilities
ID / Type / Votes / Profile Description
Winnti Apt41 (Type: Unspecified)
1
None
Bronze Union Apt27 (Type: Unspecified)
1
None
Source Document References
Information about the Mustang Panda threat actor was read from the document corpus below. This display is limited to 20 results.
Source / Created at / Title
DARKReading
a month ago
China-Linked Espionage Groups Target Asian Telecoms
Securityaffairs
a month ago
China-linked spies target Asian Telcos since at least 2021
ESET
a month ago
ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024
DARKReading
2 months ago
Chinese Threat Clusters Triple-Team High-Profile Asian Government Org
ESET
2 months ago
Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries
BankInfoSecurity
2 months ago
Active Chinese Cyberespionage Campaign Rifling Email Servers
Unit42
2 months ago
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
ESET
2 months ago
ESET APT Activity Report Q4 2023–Q1 2024
DARKReading
3 months ago
Philippines Pummeled by Cyberattacks & Misinformation Tied to China
Securityaffairs
3 months ago
Misinformation and hacktivist campaigns targeting the Philippines skyrocket
DARKReading
4 months ago
Japan, Philippines, US to Share Cyber Threat Intel
DARKReading
4 months ago
Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents
CERT-EU
5 months ago
Sophisticated PlugX backdoor variant leveraged in Mustang Panda attacks
CERT-EU
5 months ago
New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS
Securityaffairs
5 months ago
New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS
Trend Micro
5 months ago
Earth Preta Campaign Uses DOPLUGS to Target Asia
ESET
6 months ago
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
MITRE
7 months ago
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
MITRE
7 months ago
LuminousMoth APT: Sweeping attacks for the chosen few