Violet Typhoon

Threat Actor updated 5 months ago (2024-06-18T23:17:34.850Z)
Violet Typhoon, also known as APT31 and Judgment Panda and formerly tracked as Zirconium, is a threat actor believed to be aligned with the Chinese nation-state. Active since at least 2017, the group conducts advanced persistent threat operations and shows minimal overlap with other Beijing-aligned groups such as Storm-0558. Cybersecurity company Kaspersky attributes the intrusions to APT31 with medium to high confidence, based on commonalities in the observed tactics. The group has been implicated in several significant cyber attacks, including attacks on UK politicians, as stated by the Deputy Prime Minister. Its tooling includes a Python-compiled binary capable of dumping browser credentials, a powerful capability for espionage operations. The group's activities have drawn attention from major cybersecurity entities, including Microsoft, leading to detailed investigations into its operations and impact. In response to the disclosure of Violet Typhoon's activities, organizations such as BSI have been working closely with companies such as Microsoft to review security measures and understand the data protection steps deployed against similar attacks. Although the group operates distinctly from others, a coordinated response from cybersecurity firms and targeted organizations is crucial to mitigating the risk it poses.
Description last updated: 2024-06-18T23:15:59.963Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| APT31 is a possible alias for Violet Typhoon. APT31, also known as Zirconium, is a threat actor believed to be linked to the Chinese government. This group has been associated with numerous cyber attacks, including a significant exploit of CVE-2017-0005. This exploit, dubbed "Jian," was initially attributed to APT31 but upon further analysis by | 2 |
| ZIRCONIUM is a possible alias for Violet Typhoon. Zirconium, also known as APT31, Judgment Panda, and Red Keres, is a threat actor linked to numerous cyber espionage operations. The group came into the spotlight in 2022 when the Check Point Research team discovered that it had used a tool called "Jian," a clone of the NSA Equation Group's hacking t | 2 |
| Judgment Panda is a possible alias for Violet Typhoon. Judgment Panda, also known as APT31, Zirconium, Violet Typhoon, and Red Keres, is a threat actor believed to be linked to the Chinese nation-state. This group has been active since at least 2016 and has been involved in multiple cyber espionage operations. The group gained significant attention in 2 | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Kaspersky