ZIRCONIUM
Also known as: APT31 · Violet Typhoon
Overview
ZIRCONIUM is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders in the international affairs community.
TTPs (29 techniques across 11 tactics)

Reconnaissance
- T1598 Phishing for Information
- T1598.003 Spearphishing Link

Resource Development
- T1583.001 Domains
- T1583.006 Web Services
- T1584.008 Network Devices

Initial Access
- T1566.002 Spearphishing Link

Execution
- T1059.003 Windows Command Shell
- T1059.006 Python
- T1204.001 Malicious Link

Persistence
- T1547.001 Registry Run Keys / Startup Folder

Privilege Escalation
- T1547.001 Registry Run Keys / Startup Folder (same technique as under Persistence)

Stealth
- T1027.002 Software Packing
- T1036 Masquerading
- T1036.004 Masquerade Task or Service
- T1140 Deobfuscate/Decode Files or Information
- T1218.007 Msiexec

Credential Access
- T1555.003 Credentials from Web Browsers

Discovery
- T1012 Query Registry
- T1016 System Network Configuration Discovery
- T1033 System Owner/User Discovery
- T1082 System Information Discovery
- T1124 System Time Discovery

Command and Control
- T1090.003 Multi-hop Proxy
- T1102.002 Bidirectional Communication
- T1105 Ingress Tool Transfer
- T1573.001 Symmetric Cryptography
- T1665 Hide Infrastructure

Exfiltration
- T1041 Exfiltration Over C2 Channel
- T1567.002 Exfiltration to Cloud Storage
Reporting (3)
- How Microsoft names threat actors — Microsoft
- The Story of Jian: How APT31 Stole and Used an Unknown Equation Group 0-Day — Itkin, E. and Cohen, I.
- New cyberattacks targeting U.S. elections — Burt, T.