Nation-State Actor

Aquatic Panda

China • Active since 2020

Aquatic Panda conducts espionage for China and also carries out ransomware attacks for money. This is unusual: most state-sponsored groups stick to espionage, but this group does both.

Overview

Aquatic Panda is a Chinese state-sponsored threat group that uses dual-mission operations, conducting both intelligence collection and financially motivated attacks against their targets.

Target Industries

Technology, Telecommunications, Government, Academic

Target Regions

Global

Tactics, Techniques & Procedures

  • Dual-purpose operations
  • Log4Shell exploitation
  • Ransomware deployment
  • Credential harvesting
  • Lateral movement

Known Tools & Malware

Cobalt Strike, njRAT, Mimikatz, ShadowPad variants

Notable Campaigns

Log4Shell Exploitation (2021-2022)

Rapid exploitation of Log4j vulnerabilities for initial access.

Academic Targeting (2022)

Targeted academic institutions for research theft.

MITRE ATT&CK Techniques

T1190, T1059, T1003, T1486, T1078

Defense Recommendations

  1. Verify Log4j patches are complete
  2. Monitor for ShadowPad indicators
  3. Implement academic research protection

Related Threat Actors

APT41 Double Dragon, Winnti Group
