ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

APT group: APT 31, Judgment Panda, Zirconium

Names:
  APT 31 (Mandiant)
  Judgment Panda (CrowdStrike)
  Zirconium (Microsoft)
  RedBravo (Recorded Future)
  Bronze Vinewood (SecureWorks)
  TA412 (Proofpoint)
  Violet Typhoon (Microsoft)
Country: China
Sponsor: State-sponsored, Ministry of State Security
Motivation: Information theft and espionage
First seen: 2016
Description: FireEye characterizes APT31 as an actor specialized in intellectual property theft, focusing on data and projects that make a particular organization competitive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government.

Also see Hafnium.
Observed: Countries: Belarus, Canada, Finland, France, Mongolia, Norway, Russia, USA.
Tools used: 9002 RAT, China Chopper, Gh0st RAT, HiKit, PlugX, Sakula RAT, Trochilus RAT.
Operations performed:
  Summer 2018: Norway says Chinese group APT31 is behind catastrophic 2018 government hack
  Aug 2020: New cyberattacks targeting U.S. elections
  Autumn 2020: Finnish Parliament attackers hack lawmakers’ email accounts
  Early 2021: Tracing State-Aligned Activity Targeting Journalists, Media
  Apr 2021: APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
  Jul 2021: France warns of APT31 cyberspies targeting French organizations
  Feb 2022: In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government.
  Apr 2022: Hackers use new malware to breach air-gapped devices in Eastern Europe

Last change to this card: 06 September 2023
