🇨🇳
APT27
APT Group
Information theft and espionage
19 zero-day CVEs
ETDA ✓
Also Known As 17 names
BRONZE UNION
Budworm
Circle Typhoon
EMISSARY PANDA
Earth Smilodon
G0027
GreedyTaotie
Group 35
Iron Taurus
Iron Tiger
Linen Typhoon
Lucky Mouse
Red Phoenix
TEMP.Hippo
TG-3390
ZipToken
APT 27
Target Countries 23
Australia
Belgium
Canada
China
Germany
Spain
Hong Kong
Hungary
Israel
India
Islamic Republic of Iran
Japan
Republic of Korea
Mongolia
Mexico
Netherlands
Philippines
Thailand
Turkey
Province of China Taiwan
Ukraine
United States
Vietnam
Sectors Targeted (with NAICS code where listed)
Public Administration - 92
NAICS:31 - 31
Technology
Think Tanks
Periodical Publishers - 51112
Education
Computer Systems Design and Related Services - 54151
Grantmaking and Giving Services - 8132
National Security and International Affairs - 9281
Space Research and Technology - 927
Defense
Manufacturing
Aerospace
Aviation
Motion Picture and Video Production - 51211
Educational Services - 61
Finance and Insurance - 52
Telecommunications - 517
Gambling Industries - 7132
Government
Information - 51
Telecommunications
Computer Systems Design Services - 541512
Utilities - 22
Embassies
Details
Origin
🇨🇳 CN
Last Updated
24 Jul 2025
Malware Families 13
Netsupport Manager
sorgu
unidentified_075
netsupportmanager_rat
zhmimikatz
hyperssl
zwShell
unidentified_080
twoface
pandora_rat
NewCore
polpo
darkstrat
MITRE ATT&CK 134
T1003 - OS Credential Dumping
T1003.001
T1003.002
T1003.004
T1003.008 - /etc/passwd and /etc/shadow
T1005 - Data from Local System
T1012
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1020 - Automated Exfiltration
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1021.006
T1027 - Obfuscated Files or Information
T1027.002
T1027.010
T1027.013
T1027.015
T1030
T1033
T1036 - Masquerading
T1039 - Data from Network Shared Drive
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.002
T1053.005
T1055 - Process Injection
T1055.012
T1056 - Input Capture
T1056.001
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1070.004
T1070.005
T1071 - Application Layer Protocol
T1071.001
T1074
T1074.001
T1074.002
T1078 - Valid Accounts
T1078.001
T1078.004 - Cloud Accounts
T1082 - System Information Discovery
T1083
T1087 - Account Discovery
T1087.001
T1090 - Proxy
T1105
T1112
T1119 - Automated Collection
T1123 - Audio Capture
T1127 - Trusted Developer Utilities Proxy Execution
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1189
T1190 - Exploit Public-Facing Application
T1195
T1195.002
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.002
T1210 - Exploitation of Remote Services
T1213 - Data from Information Repositories
T1404 - Exploit OS Vulnerability
T1412 - Capture SMS Messages
T1429 - Capture Audio
T1432 - Access Contact List
T1484
T1484.001
T1486 - Data Encrypted for Impact
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1498 - Network Denial of Service
T1505 - Server Software Component
T1505.003 - Web Shell
T1505.004
T1512 - Capture Camera
T1514 - Elevated Execution with Prompt
T1530 - Data from Cloud Storage Object
T1543
T1543.003
T1547 - Boot or Logon Autostart Execution
T1547.001
T1548
T1548.002
T1552 - Unsecured Credentials
T1552.001 - Credentials In Files
T1555
T1555.005
T1560 - Archive Collected Data
T1560.002
T1562
T1562.001
T1562.002
T1566 - Phishing
T1566.001
T1567
T1567.002
T1569
T1569.002
T1570 - Lateral Tool Transfer
T1572
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.001
T1574.002
T1583
T1583.001
T1585
T1585.002
T1588
T1588.002
T1588.003
T1590 - Gather Victim Network Information
T1595
T1595.002
T1602 - Data from Configuration Repository
T1608
T1608.001
T1608.002
T1608.004
T1620
T1657