Nation-State Actor

APT31 (Zirconium)

China • Active since 2010

APT31 is a Chinese state-sponsored espionage group that targets politicians and government staff. It has attempted to compromise US election campaigns and European parliaments, and it is skilled at concealing its malware.

Overview

APT31 is a Chinese state-sponsored threat group that targets government entities, international affairs organizations, and political campaigns. They are known for using custom malware and sophisticated obfuscation techniques.

Also Known As

Zirconium, Judgment Panda, Bronze Vinewood, Violet Typhoon

Target Industries

Government, Political, Think Tanks, NGOs, International Affairs

Target Regions

United States, Europe, Finland, Norway, Germany

Tactics, Techniques & Procedures

  • Spear-phishing
  • Watering hole attacks
  • Use of ORB (Operational Relay Box) networks
  • Heavy code obfuscation
  • Living off the land

Known Tools & Malware

RAWDOOR, Trochilus, DROPCAT, ORB networks, Custom packers

Notable Campaigns

European Parliament Targeting (2021)

Targeted European Parliament members and their staff.

US Election Campaign Targeting (2020)

Targeted staff of US presidential campaigns.

MITRE ATT&CK Techniques

T1566.001 (Spear-phishing Attachment), T1189 (Drive-by Compromise), T1090.003 (Multi-hop Proxy), T1027 (Obfuscated Files and Information), T1059 (Command and Scripting Interpreter)

Defense Recommendations

  1. Assess political targeting risk
  2. Implement advanced threat protection
  3. Train staff on targeted phishing
