Home > List all groups > APT 31, Judgment Panda, Zirconium

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: APT 31, Judgment Panda, Zirconium

NamesAPT 31 (Mandiant)
Judgment Panda (CrowdStrike)
Zirconium (Microsoft)
RedBravo (Recorded Future)
Bronze Vinewood (SecureWorks)
CountryChina China
SponsorState-sponsored, Ministry of State Security
MotivationInformation theft and espionage
First seen2016
DescriptionFireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competetive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government.

Also see Hafnium.
ObservedCountries: Belarus, Canada, Finland, France, Mongolia, Norway, Russia, USA.
Tools used9002 RAT, China Chopper, Gh0st RAT, HiKit, PlugX, Sakula RAT, Trochilus RAT.
Operations performedSummer 2018Norway says Chinese group APT31 is behind catastrophic 2018 government hack
Aug 2020New cyberattacks targeting U.S. elections
Autumn 2020Finnish Parliament attackers hack lawmakers’ email accounts
Apr 2021APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
Jul 2021France warns of APT31 cyberspies targeting French organizations

Last change to this card: 09 August 2021

Download this actor card in PDF or JSON format

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key