ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: APT 31, Judgment Panda, Zirconium

Names: APT 31 (Mandiant), Judgment Panda (CrowdStrike), Zirconium (Microsoft), RedBravo (Recorded Future)

Country: China

Sponsor: State-sponsored

Motivation: Information theft and espionage

First seen: 2016

Description: FireEye characterizes APT31 as an actor specialized in intellectual property theft, focusing on data and projects that make a particular organization competitive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government.

Observed:

Tools used: 9002 RAT, China Chopper, Gh0st RAT, HiKit, PlugX, Sakula RAT, Trochilus RAT.

Information:
<https://blog.confiant.com/uncovering-2017s-largest-malvertising-operation-b84cd38d6b85>
<https://blog.confiant.com/zirconium-was-one-step-ahead-of-chromes-redirect-blocker-with-0-day-2d61802efd0d>
<https://threatpost.com/microsoft-offers-analysis-of-zero-day-being-exploited-by-zirconium-group/124600/>
<https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html>

Last change to this card: 04 August 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
