Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home panic

APT31 – Judgment Panda – CHINA

August 13, 2021
Reading Time: 2 mins read
in APT
APT31 – Judgment Panda – CHINA

APT31 is a China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.

Name: APT 31 (Mandiant), Judgment Panda (CrowdStrike), Zirconium (Microsoft), RedBravo (Recorded Future), Bronze Vinewood (SecureWorks)

Location:  China

Suspected attribution: State-sponsored, Ministry of State Security

Date of initial activity: 2014

Targets:  Multiple, including government, international financial organization, and aerospace and defense organizations, as well as high tech, construction and engineering, telecommunications, media, and insurance.

Motivation: Espionage

Associated tools: DropboxAES RAT, HanaLoader, Metasploit, Mimikatz, Reverse ICMP shell, Trochilus, 9002 RAT, China Chopper, Gh0st RAT, HiKit, PlugX, Sakula RAT, Trochilus RAT.

Attack vectors: APT31 has exploited vulnerabilities in applications such as Java and Adobe Flash to compromise victim environments.

How they work: FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competitive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government.

BRONZE VINEWOOD are a targeted threat group that has been observed targeting organizations involved in legal, consulting and software development. CTU research also suggests that organizations operating in government or defense supply chains, or providing services to those organizations, are exposed to greater threat from targeted threat groups like BRONZE VINEWOOD.

The group has been observed to use a range of tools for initial access, persistence and lateral movement, including but not limited to: SQL injection, Trochilus RAT, HanaRat, and other malware. Stolen data has been compressed as rar files and staged in temp directories on compromised servers prior to exfiltration. In targeted intrusions that Secureworks has investigated, the group has been careful to compartmentalize command and control infrastructure in order to make it harder to link BRONZE VINEWOOD activity across multiple clients. The group has used public sites such as Github and Dropbox for command and control

Organizations should consider the threat from these types of targeted attacks as part of their risk-management strategies and ensure that additional controls are applied to sensitive or high-risk datasets. Organizations should also implement monitoring strategies that detect known-good software executing from suspicious locations and detect behaviors associated with DLL search order hijacking, suspicious native tool use and privilege escalation activities (e.g., Mimikatz dumping LSASS).

Tags: Advanced Persistent ThreatAPT31
ADVERTISEMENT

Related Posts

APT-C-60 (APT) – Threat Actor

APT-C-60 (APT) – Threat Actor

February 16, 2025
COLDRIVER (APT) – Threat Actor

COLDRIVER (APT) – Threat Actor

February 13, 2025
UTG-Q-010 (APT) – Threat Actor

UTG-Q-010 (APT) – Threat Actor

February 12, 2025
Actor240524 (APT) – Threat Actor

Actor240524 (APT) – Threat Actor

February 10, 2025
T-APT-04 (SideWinder) – Threat Actor

T-APT-04 (SideWinder) – Threat Actor

January 30, 2025
Evasive Panda (APT) – Threat Actor

Evasive Panda (APT) – Threat Actor

January 30, 2025

Latest Alerts

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Google Patches Chrome Account Takeover Bug

Horabot Malware Targets LatAm Via Phishing

HTTPBot DDoS Threat To Windows Systems

Subscribe to our newsletter

    Latest Incidents

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    Dior Breach Exposes Asian Customer Data

    Australian Human Rights Body Files Leaked

    Nucor Cyberattack Halts Plants Networks

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial