Nation-State Actor
APT27 (Emissary Panda)
China • Active since 2010
APT27 is a Chinese hacking group that steals secrets from defense and tech companies. Recently they started using ransomware too, which is unusual for a government spy group.
Overview
APT27 is a Chinese state-sponsored threat group that targets aerospace, government, defense, technology, and energy sectors. They have recently pivoted to include ransomware in their operations.
Also Known As
Emissary Panda, Iron Tiger, TG-3390, Bronze Union, LuckyMouse
Target Industries
Defense, Technology, Energy, Aerospace, Government
Target Regions
United States, Europe, Middle East, Asia
Tactics, Techniques & Procedures
- Exploitation of public-facing applications
- Web shells
- DLL side-loading
- Ransomware deployment
- Living off the land
Known Tools & Malware
HyperBro, ZxShell, PlugX, China Chopper, Korplug
Notable Campaigns
Gaming Industry Attacks (2021)
Targeted gaming companies with ransomware for financial gain.
Aerospace Targeting (2019)
Long-running campaign against aerospace and defense contractors.
MITRE ATT&CK Techniques
T1190, T1505.003, T1574.002, T1486, T1059
Defense Recommendations
1. Patch public-facing applications immediately
2. Monitor for web shell indicators
3. Implement DLL side-loading detection