Vanguard Panda

Threat Actor updated 4 months ago (2024-05-04T20:23:44.651Z)
Vanguard Panda, also known as Volt Typhoon, Bronze Silhouette, Insidious Taurus, and APT41, is a cyberespionage group linked to the Chinese government. Since mid-2021, this threat actor has targeted critical infrastructure sectors including manufacturing, utility, maritime, and government entities in the United States, notably in Guam. The group has demonstrated advanced intrusion tactics and familiarity with the target environment, which has led cybersecurity experts to believe that it follows a specific workflow to backdoor apache-tomcat.jar. The group's activities have escalated since May 2021, when it was recognized as a significant threat to critical infrastructure and military bases.

Vanguard Panda has been observed leveraging sophisticated tactics and exploiting critical vulnerabilities, such as the one found in Zoho's ManageEngine ADSelfService Plus, a single sign-on and password management solution. Additionally, the group is believed to be part of a broader Chinese effort to infiltrate utilities, energy-sector companies, military bases, telecom companies, and industrial sites in order to plant foothold malware for potential disruptive and destructive attacks in the future. Microsoft has also publicly reported on this China-linked actor under the name Volt Typhoon (aka Bronze Silhouette or Vanguard Panda), observing its use of Living off the Land (LotL) techniques to evade detection and exfiltrate data. This development, together with the group's continued activity, suggests that Chinese malware poses a 'ticking time bomb' inside critical US networks. The Chinese state-aligned advanced persistent threat (APT) behind Volt Typhoon came to attention after Microsoft observed Chinese cyber activity in Guam, the site of a strategically significant US military base for the defense of Taiwan against Chinese aggression.

As a result, cybersecurity experts recommend a deeper dive into associated activity to determine whether other artifacts remain that could confirm the use of specific exploits or indicate another form of exploitation altogether.
Description last updated: 2024-05-04T18:50:14.442Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID / Votes / Profile Description

Volt Typhoon (3 votes): Volt Typhoon, a China-sponsored threat actor group identified as one of the most dangerous and persistent nation-state actors by security researchers and the U.S. government, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. The group is known fo

BRONZE SILHOUETTE (3 votes): Bronze Silhouette, also known as Volt Typhoon, Vanguard Panda, and Insidious Taurus, is a Chinese state-sponsored cyberespionage group that has been targeting U.S. government and defense organizations. The threat actor has been active since at least 2021, but it was only in May 2023 when the Nationa
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apache
Malware
Manageengine
Apt
Exploit
Vulnerability
Associated Vulnerabilities
ID / Type / Votes / Profile Description

CVE-2021-40539 (type: Unspecified, 2 votes): no profile description available
Source Document References
Information about the Vanguard Panda threat actor was read from the document corpus below. This display is limited to 20 results.

Source / Created / Title

DARKReading, 7 months ago: China Infiltrates US Critical Infrastructure in Ramp-up to Conflict
DARKReading, 7 months ago: Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet
InfoSecurity-magazine, 7 months ago: US Thwarts Volt Typhoon Espionage Campaign Through Router Disruption
CERT-EU, a year ago: My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
CERT-EU, a year ago: China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
CERT-EU, a year ago: China's Volt Typhoon APT Burrows Deeper Into US Critical Infrastructure
CrowdStrike, a year ago: Falcon Complete MDR Thwarts VANGUARD PANDA Tradecraft
CERT-EU, a year ago: Novel techniques leveraged in Chinese hacking attacks against critical infrastructure
DARKReading, a year ago: China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine
BankInfoSecurity, a year ago: Chinese APT Group Uses New Tradecraft to Live Off the Land
CERT-EU, a year ago: Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU, a year ago: Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks