

Aquatic Panda

G0143 · China · MITRE ATT&CK

Overview

Aquatic Panda is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, Aquatic Panda has primarily targeted entities in the telecommunications, technology, and government sectors.

Targets

Covid-19 Research Organizations · Cryptocurrency · Education · Gambling Companies · Government Institutions · Media · Medical · Pro-democracy And Human Rights Political Organizations · Religious Organization · Telecommunications

Regions

Australia · China · France · Germany · Hong Kong · Japan · Mongolia · Nepal · Nigeria · Philippines · Taiwan · Thailand · United Arab Emirates · United States · Vietnam

Capabilities

  • Custom malware/implant development — ATT&CK: 5 attributed custom malware families

TTPs — 35 techniques across 11 tactics

Reconnaissance

Resource Development

Execution

Persistence

Defense Impairment

Credential Access

Lateral Movement

Collection

Command and Control

Tools & malware (6)

Wevtutil · Winnti for Windows · njRAT · Cobalt Strike · ShadowPad · Winnti for Linux

Reporting (1)