Wicked Panda

Threat Actor updated a month ago (2024-08-14T09:37:47.246Z)
Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center has identified it as one of the top cyber threats. Over the years, security researchers have linked several subgroups to the APT41 collective, including Wicked Panda, Winnti, Suckfly, and Barium. These groups have carried out numerous cyber espionage operations, compromising sensitive data and intellectual property belonging to organizations in the US and other countries. Security researchers at ThreatFabric have attributed the use of the LightSpy surveillance malware to Wicked Panda. Together with other members of the APT41 collective such as Winnti, Barium, and SuckFly, the group has taken part in large-scale cyber-attacks that pillaged trade secrets and other sensitive information. In 2017, ShadowPad, a modular backdoor, was discovered following a supply-chain attack on server management software that was attributed to APT41. Wicked Panda has also been associated with the deployment of a PowerShell backdoor. Furthermore, similarities have been observed between Wicked Panda's tactics and those of other Chinese nation-state groups such as APT10 (Bronze Riverside, Potassium, Stone Panda), APT27 (Bronze Union, Emissary Panda, Lucky Mouse), and the RedGolf campaign, which is also associated with Winnti. Given these factors, Wicked Panda continues to pose a significant cybersecurity threat globally.
Description last updated: 2024-08-14T08:43:06.014Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Profile (votes) and description:

APT41 (4 votes)
APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various

Winnti (2 votes)
The Winnti Group is a sophisticated threat actor that has been active since at least 2007, first identified by Kaspersky in 2013. This collective of Chinese nation-state hackers is known for its advanced cyberespionage capabilities and its unique strategy of targeting legitimate software supply chai

Double Dragon (2 votes)
Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t

Lightspy (2 votes)
LightSpy, a notable threat actor in the cybersecurity landscape, has renewed its espionage campaign, primarily targeting South Asia. This group, which could be an individual, a private company, or part of a government entity, is known for executing actions with malicious intent. The latest wave of a
Miscellaneous Associations
Other elements of context that could help in assessing relevance:
Espionage
Health
State Sponso...
Malware
Backdoor
Threatfabric
Analyst Notes & Discussion
Associated Threat Actors
Profile (association type, votes) and description:

Lazarus Group (type: Unspecified, 2 votes)
The Lazarus Group, also known as APT38, is a notorious threat actor believed to be backed by the North Korean regime. This group has been associated with several high-profile cyber attacks and thefts, including the infamous $600 million Ronin sidechain exploit in 2022. Known for their sophisticated

Apt43 (type: Unspecified, 2 votes)
APT43, also known as Kimsuky, Sparkling Pisces, Emerald Sleet, and Velvet Chollima among other names, is a North Korean state-sponsored advanced persistent threat (APT) group involved in cybercrime and espionage. This threat actor conducts intelligence collection and uses cybercrime to fund its espi

Emerald Sleet (type: Unspecified, 2 votes)
Emerald Sleet, a threat actor associated with North Korea, has been identified as a significant player in cyber espionage. This group is known for its sophisticated use of artificial intelligence and machine learning models (LLMs), leveraging them to enhance spear-phishing campaigns, research public

Thallium (type: Unspecified, 2 votes)
Thallium, also known as Kimsuky, APT43, Velvet Chollima, and Black Banshee, is a significant threat actor that has been active since at least 2012. This group, believed to be operating on behalf of the North Korean regime, conducts intelligence collection and uses cybercrime to fund espionage activi
Source Document References
Information about the Wicked Panda threat actor was read from the documents in the corpus below. This display is limited to 20 results.

Source, created, title:

DARKReading, a month ago: China's APT41 Targets Taiwan Research Institute for Cyber Espionage
DARKReading, 2 months ago: China's APT41 Targets Global Logistics, Utilities Companies
CERT-EU, a year ago: Chinese, North Korean Nation-State Groups Target Health Data
CERT-EU, a year ago: Chinese APT Actors Target WeChat Users
BankInfoSecurity, a year ago: Chinese APT Actors Target WeChat Users
BankInfoSecurity, a year ago: Chinese, North Korean Nation-State Groups Target Health Data
InfoSecurity-magazine, a year ago: Chinese APT Favorite Backdoor Found in Pakistani Government App
CERT-EU, a year ago: Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
CERT-EU, a year ago: Chinese Hackers Using KEYPLUG Backdoor to Attack Windows & Linux Systems
CERT-EU, a year ago: APT41's PowerShell Backdoor Let Hackers Download & Upload Files From Windows