POTASSIUM

Threat Actor Profile, updated 3 months ago
Potassium (also tracked as APT10, CVNX, Stone Panda, MenuPass and, in Microsoft's former chemical-element naming scheme, POTASSIUM) is a China-based threat actor linked to multiple long-running cyber-espionage campaigns. Two individuals, Zhu Hua and Zhang Shilong, have been identified as members of the group; both worked for Huaying Haitai in Tianjin, China, and were charged by the US Department of Justice in December 2018 for acting in association with the Chinese Ministry of State Security's Tianjin State Security Bureau. The documents in the source list cover the group's best-known operations: Operation Cloud Hopper, in which the group compromised managed service providers in order to reach those providers' customers, and Operation Soft Cell, which targeted telecommunications providers. Its tradecraft has been reported to resemble that of other Chinese state-linked groups such as APT27 (Bronze Union, Emissary Panda, Lucky Mouse) and APT41 (Barium, Bronze Atlas, Wicked Panda).

Several documents in the source corpus below match the name "potassium" but do not concern this group. The report of a hijacked Russian broadcast instructing residents to take potassium iodide pills and seek shelter, the analysis noting that Russia and Belarus supply 12 percent of America's potassium requirements and over 15 percent of total U.S. fertilizer imports, and the material describing potassium as one of the three primary crop nutrients (with nitrogen and phosphorus) derived from nonrenewable potash all refer to the chemical element. None of them attributes any activity to APT10, and they should be treated as keyword collisions when assessing relevance. The same applies to the listed association with Phosphorus, an Iranian group whose name comes from the same Microsoft element-based scheme and which has no reported connection to APT10.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description

APT10 | Votes: 3
APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted

CVNX | Votes: 1
No description available.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Russia
Chinese
Associated Malware
ID | Type | Votes | Profile Description

Lucky Mouse | Type: Unspecified | Votes: 1
Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a China-linked Advanced Persistent Threat (APT) group rather than a malware family. The group has been active since at least 2013, targeting various industry verticals fo
Associated Threat Actors
ID | Type | Votes | Profile Description

GALLIUM | Type: Unspecified | Votes: 1
Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas

Wicked Panda | Type: Unspecified | Votes: 1
Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit

APT41 | Type: Unspecified | Votes: 1
APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4

BRONZE UNION | Type: Unspecified | Votes: 1
Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific

Emissary Panda | Type: Unspecified | Votes: 1
Emissary Panda, also known as Iron Tiger, APT27, Budworm, Bronze Union, Lucky Mouse, and Red Phoenix, is a threat actor group associated with malicious cyber activities. The group has been active since at least 2013, targeting various industry verticals across Europe, North and South America, Africa

Phosphorus | Type: Unspecified | Votes: 1
Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the POTASSIUM Threat Actor was read from the documents in the corpus below. This display is limited to 20 results.

Source | Created at | Title

CERT-EU | 9 months ago | Weaponizing Wheat: How Strategic Competition With Russia Could Threaten American Food Security – Analysis (concerns the chemical element, not the threat actor)
CERT-EU | a year ago | Lawyers increasingly targeted by hackers, ANSSI warns
MITRE | a year ago | Two Chinese Hackers Associated With the Ministry of State Security
BAE Systems | a year ago | APT10 - Operation Cloud Hopper
CERT-EU | a year ago | Russians warned of nuclear attack after hackers break in to country's TV service (concerns potassium iodide, not the threat actor)
CERT-EU | a year ago | Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
CERT-EU | a year ago | It's a Weird Time to Be a Doomsday Prepper (concerns the chemical element, not the threat actor)