Nation-State Actor
Charcoal Typhoon
China • Active since 2021
Charcoal Typhoon is a Chinese hacking group that pretends to be ransomware criminals but is actually stealing secrets. They use ransomware as a smokescreen to hide their real spy missions.
Overview
Charcoal Typhoon is a Chinese state-sponsored threat actor focused on espionage operations targeting government entities, IT organizations, and defense contractors. They are known for deploying ransomware as a cover for intelligence collection.
Also Known As
CHROMIUM, ControlX, Bronze Starlight
Target Industries
Government, Technology, Defense, Critical Infrastructure
Target Regions
United States, Europe, South America, Asia
Tactics, Techniques & Procedures
- Ransomware as cover for espionage
- Exploitation of public-facing applications
- Living off the land techniques
- DLL side-loading
Known Tools & Malware
Cobalt Strike, Sliver, ShadowPad, China Chopper
Notable Campaigns
Ransomware Diversion Operations (2022)
Used ransomware deployments to mask espionage activities and complicate attribution.
Critical Infrastructure Targeting (2023)
Targeted energy and telecommunications sectors for intelligence collection.
MITRE ATT&CK Techniques
T1190, T1486, T1574.002, T1059.001
Defense Recommendations
1. Monitor for ShadowPad backdoor indicators
2. Implement ransomware defenses for critical systems
3. Review DLL loading security