CN · G0128

APT31

Also known as: ZIRCONIUM · JUDGMENT PANDA · BRONZE VINEWOOD · Red keres · Violet Typhoon · TA412 · Zirconium · APT31

Origin
CN
Known aliases
8

Profile

FireEye characterizes APT31 as an actor specializing in intellectual property theft, focusing on data and projects that make a particular organization competitive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government. According to CrowdStrike, this adversary is also suspected of continuing to target upstream providers (e.g., law firms and managed service providers) to support additional intrusions against high-profile assets. In 2018, CrowdStrike observed this adversary using spear-phishing, URL “web bugs” and scheduled tasks to automate credential harvesting.


MITRE ATT&CK Group crosswalk

G0128

References

  1. https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/
  2. https://duo.com/decipher/apt-groups-moving-down-the-supply-chain
  3. https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf
  4. https://redalert.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists
  5. https://twitter.com/bkMSFT/status/1201876664667582466
  6. https://www.secureworks.com/research/bronz-vinewood-uses-hanaloader-to-target-government-supply-chain
  7. https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains
  8. https://www.secureworks.com/research/threat-profiles/bronze-vinewood

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: APT30
Actor: APT27
Actor: APT32
Actor: APT41
Actor: APT21
Actor: APT15

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.