ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > Twisted Panda

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Twisted Panda

NamesTwisted Panda (Check Point)
CountryChina China
MotivationInformation theft and espionage
First seen2021
Description(Check Point) Check Point Research (CPR) unveils a targeted campaign against at least two research institutes in Russia, which are part of the Rostec corporation, a state-owned defense conglomerate.

This campaign is a continuation of what is believed to be a long-running espionage operation against Russian-related entities that has persisted since at least July 2021. The operation may still be ongoing, as the most recent activity was observed in April 2022.

This activity was attributed to a Chinese threat actor, with possible connections to Stone Panda, APT 10, menuPass, a sophisticated and experienced nation-state-backed actor, and Mustang Panda, another proficient China-based cyber espionage group. The campaign has been dubbed Twisted Panda to reflect the sophistication of the tools observed and the attribution to China.

The hackers use new tools, which have not previously been described: a sophisticated multi-layered loader and a backdoor dubbed SPINNER. These tools use advanced evasion and anti-analysis techniques such as multi-layer in-memory loaders and compiler-level obfuscations.
ObservedSectors: Defense.
Countries: Belarus, Russia.
Tools usedSPINNER.

Last change to this card: 19 July 2022

Download this actor card in PDF or JSON format

Previous: Turla, Waterbug, Venomous Bear
Next: UltraRank

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]