Violet Typhoon

Threat Actor updated 3 months ago (2024-06-18T23:17:34.850Z)
Violet Typhoon, also known as APT31, Judgment Panda, and formerly Zirconium, is a threat actor believed to be aligned with the Chinese nation-state. The group, active since at least 2017, is known for conducting advanced persistent threat operations that show minimal overlap with other Beijing-aligned groups such as Storm-0558. Cybersecurity company Kaspersky attributes the intrusions to APT31 with medium to high confidence, based on commonalities in the observed tactics. The group has been implicated in several significant cyber attacks, including attacks on UK politicians, as stated by the Deputy Prime Minister. Its methods include the use of a Python-compiled binary capable of dumping browser credentials, a powerful tool for espionage attacks. The group's activities have drawn attention from major cybersecurity entities, including Microsoft, leading to detailed investigations into its operations and impact. In response to the disclosure of Violet Typhoon's activities, organizations like BSI have been working closely with companies such as Microsoft to review security measures and understand the data protection steps deployed against similar attacks. Although this group operates distinctly from others, a coordinated response from cybersecurity firms and targeted organizations is crucial to mitigating the risks it poses.
Description last updated: 2024-06-18T23:15:59.963Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| APT31 | 2 | APT31, also known as Zirconium, is a threat actor group linked to the Chinese government that has been implicated in numerous cyber espionage activities. One of their most notable exploits was the cloning of the Equation Group's exploit, EpMe (CVE-2017-0005). This exploit was initially discovered du |
| ZIRCONIUM | 2 | Zirconium, also known as APT31, Judgment Panda, and Red Keres, is a threat actor linked to numerous cyber espionage operations. The group came into the spotlight in 2022 when the Check Point Research team discovered that it had used a tool called "Jian," a clone of the NSA Equation Group's hacking t |
| Judgment Panda | 2 | Judgment Panda, also known as APT31, Zirconium, Violet Typhoon, and Red Keres, is a threat actor believed to be linked to the Chinese nation-state. This group has been active since at least 2016 and has been involved in multiple cyber espionage operations. The group gained significant attention in 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Kaspersky
Source Document References
Information about the Violet Typhoon Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created | Title |
| --- | --- | --- |
| BankInfoSecurity | 3 months ago | German BSI Forces Microsoft to Disclose Security Measures |
| BankInfoSecurity | 4 months ago | Suspected Chinese Hackers Hacked UK Defense Contractor |
| BankInfoSecurity | 6 months ago | Alert: Hackers Hit High-Risk Individuals' Personal Accounts |
| BankInfoSecurity | 6 months ago | UK Discloses Chinese Espionage Activities |
| CERT-EU | 6 months ago | Alert: Info Stealers Target Stored Browser Credentials |
| BankInfoSecurity | 7 months ago | Alert: Info Stealers Target Stored Browser Credentials |
| BankInfoSecurity | a year ago | Hacker Stole Signing Key, Hit US Government's Microsoft 365 |
| CERT-EU | a year ago | China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe |
| BankInfoSecurity | a year ago | Chinese Espionage Group Active Across Eastern Europe |
| CERT-EU | a year ago | Data exfiltration tools by APT31 group detailed |