🇨🇳
APT 41
APT Group
Information theft and espionage
Financial gain
Financial crime
13 zero-day CVEs
ETDA ✓
Also Known As 21 names
APT41
Amoeba
BARIUM
BRONZE ATLAS
BRONZE EXPORT
Blackfly
Brass Typhoon
Double Dragon
Earth Baku
G0044
G0096
Grayfly
HOODOO
LEAD
Leopard Typhoon
Red Kelpie
TA415
TG-2633
WICKED PANDA
WICKED SPIDER
Winnti
Target Countries 24
United Arab Emirates
Australia
Bangladesh
Canada
Switzerland
China
Cyprus
Germany
Egypt
Finland
United Kingdom
Haiti
Indonesia
India
Islamic Republic of Iran
Japan
Kenya
Republic of Korea
Sweden
Thailand
Turkey
Taiwan, Province of China
United States
South Africa
Sectors Targeted
Advertising Agencies - 54181
Finance and Insurance - 52
Accommodation - 721
Utilities - 22
Semiconductor and Other Electronic Component Manufacturing - 33441
Air Transportation - 481
Technology
Grantmaking and Giving Services - 8132
Management Consulting Services - 54161
Oil and Gas Extraction - 211
Pharmaceutical and Medicine Manufacturing - 32541
Research and Development in the Social Sciences and Humanities - 54172
Motion Picture and Video Production - 51211
Public Relations Agencies - 54182
Educational Support Services - 6117
Motor Vehicle Manufacturing - 3361
Commercial Banking - 52211
Construction - 23
Real Estate - 531
Newspaper Publishers - 51111
Insurance Carriers and Related Activities - 524
Civic and Social Organizations - 8134
National Security and International Affairs - 928110
All Other Information Services - 51919
Executive, Legislative, and Other General Government Support - 9211
Hospitals - 622
Telecommunications - 517
Computer Systems Design and Related Services - 54151
Data Processing, Hosting, and Related Services - 51821
Toilet Preparation Manufacturing - 32562
Public Administration - 92
Employment Placement Agencies and Executive Search Services - 56131
Computer Systems Design Services - 541512
Freight Transportation Arrangement - 48851
Internet Publishing and Broadcasting and Web Search Portals - 51913
Details
Origin: 🇨🇳 CN
Last Updated: 20 Jan 2026
Malware Families 23
ccleaner_backdoor
aurora
sorgu
unidentified_075
Vantom
serialvlogger
houdini
zhmimikatz
COBALTSTRIKE
win.shadow_rat
dmsspy
coldlock
dboxagent
zwShell
H-worm
gearshift
NewCore
highnoon_bin
crackshot
dubrute
darkstrat
GodRAT
adwind
MITRE ATT&CK 160
T1001
T1001.002
T1001.003
T1003
T1003.001
T1003.002
T1003.003
T1005
T1008
T1012
T1014
T1016
T1018
T1021
T1021.001
T1021.002
T1027 - Obfuscated Files or Information
T1027.002
T1027.013
T1030
T1033
T1036
T1036.004
T1036.005
T1037
T1041 - Exfiltration Over C2 Channel
T1046
T1047
T1048
T1048.003
T1049
T1053 - Scheduled Task/Job
T1053.005
T1055 - Process Injection
T1056 - Input Capture
T1056.001
T1057
T1059
T1059.001
T1059.003
T1059.004
T1059.007
T1069
T1070
T1070.001
T1070.003
T1070.004
T1071 - Application Layer Protocol
T1071.001
T1071.002
T1071.004
T1074
T1074.001
T1078
T1082 - System Information Discovery
T1083
T1087
T1087.001
T1087.002
T1090
T1098
T1098.007
T1102 - Web Service
T1102.001
T1104
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110
T1112
T1119
T1133
T1134
T1135
T1136
T1136.001
T1140 - Deobfuscate/Decode Files or Information
T1189
T1190
T1195
T1195.002
T1197
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1213
T1213.003
T1213.006
T1218 - Signed Binary Proxy Execution
T1218.001
T1218.011
T1480
T1480.001
T1484
T1484.001
T1486
T1496
T1496.001
T1505
T1505.003
T1542
T1542.003
T1543
T1543.003
T1546
T1546.008
T1547 - Boot or Logon Autostart Execution
T1547.001
T1550
T1550.002
T1553
T1553.002
T1555
T1555.003
T1560
T1560.001
T1560.003
T1562
T1562.006
T1563
T1563.002
T1566 - Phishing
T1566.001
T1567
T1567.002
T1568
T1568.002
T1569
T1569.002
T1570
T1573
T1573.002
T1574 - Hijack Execution Flow
T1574.001
T1574.006
T1583
T1583.001
T1583.002
T1583.003
T1583.007
T1584
T1584.005
T1586
T1586.003
T1588
T1588.002
T1588.003
T1593
T1593.002
T1594
T1595
T1595.002
T1595.003
T1596
T1596.005
T1599
T1656
T1680
T1684
T1684.001
T1685
T1685.005