Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home panic

APT21 – Hammer Panda – CHINA

August 12, 2021
Reading Time: 2 mins read
in APT
APT23 – Pirate Panda – CHINA

APT21 leverages strategic Russian-language attachments themed with national security issues in lure documents. Historically, social engineering content is indicative of a cyber espionage operation attempting to gain unauthorized access to privileged information concerning state security in Russia. An analysis of APT21 techniques suggests that another of their focus areas is dissident groups which seek greater autonomy or independence from China, such as those from Tibet or Xinjiang.

Name: Zhenbao, NetTraveler (Kaspersky), APT 21 (Mandiant), Hammer Panda (CrowdStrike), TEMP.Zhenbao (FireEye)

Location: China

Suspected attribution: The later group RedAlpha has infrastructure overlap with NetTraveler.

Date of initial activity:  2003/04

Targets: Government. Defense, Embassies, Government, Oil and gas and Scientific research centers and institutes and Tibetan/Uyghur activists.

Motivation: Information theft and espionage

Associated tools: NetTraveler, PlugX.

Attack vectors:  Hammer Panda is a group of suspected Chinese origin targeting organizations in Russia.

How they work:  APT21 leverages spear phishing email messages with malicious attachment, links to malicious files, or web pages. They have also used strategic web compromises (SWCs) to target potential victims. APT21 frequently uses two backdoors known as TRAVELNET (NetTraveler) and TEMPFUN. Significantly, APT21 typically primarily uses custom backdoors, rarely using publicly available tools.

The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance. The name NetTraveler comes from an internal string which is present in early versions of the malware: NetTraveler Is Running! This malware is used by APT actors for basic surveillance of their victims. Earliest known samples have a timestamp of 2005, although references exist indicating activity as early as 2004. The largest number of samples we observed were created between 2010 and 2013.

Tags: Advanced Persistent ThreatChina
ADVERTISEMENT

Related Posts

APT-C-60 (APT) – Threat Actor

APT-C-60 (APT) – Threat Actor

February 16, 2025
COLDRIVER (APT) – Threat Actor

COLDRIVER (APT) – Threat Actor

February 13, 2025
UTG-Q-010 (APT) – Threat Actor

UTG-Q-010 (APT) – Threat Actor

February 12, 2025
Actor240524 (APT) – Threat Actor

Actor240524 (APT) – Threat Actor

February 10, 2025
T-APT-04 (SideWinder) – Threat Actor

T-APT-04 (SideWinder) – Threat Actor

January 30, 2025
Evasive Panda (APT) – Threat Actor

Evasive Panda (APT) – Threat Actor

January 30, 2025

Latest Alerts

Water Curse Group Hits Developers Via GitHub

XDSpy Exploits Windows LNK Zero Day

CISA Warns Of Apple Zero Click Exploit

PyPI Malware Steals AWS, CI/CD, macOS Data

IBM Backup Service Flaw Allows Elevated Access

Image Hiding in DNS TXT Records

Subscribe to our newsletter

    Latest Incidents

    Zoomcar Data Breach Hits 8.4 Million Users

    Qilin Gang Leaks Asefa FC Barcelona Data

    Gunra Claims 45TB Hack On Colombia Justice

    Hackers Leak 10K VirtualMacOSX Customer Data

    Canada WestJet Airline Contains Cyberattack

    Washington Post Investigates Cyberattack on Emails

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial