ETDA ThaiCERT
Report
Search
Home > List all groups > Anchor Panda, APT 14

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Anchor Panda, APT 14

NamesAnchor Panda (CrowdStrike)
APT 14 (Mandiant)
Aluminum (Microsoft)
QAZTeam (?)
CountryChina China
SponsorState-sponsored, PLA Navy
MotivationInformation theft and espionage
First seen2012
Description(CrowdStrike) Anchor Panda is an adversary that CrowdStrike has tracked extensively over the last year targeting both civilian and military maritime operations in the green/brown water regions primarily in the area of operations of the South Sea Fleet of the PLA Navy. In addition to maritime operations in this region, Anchor Panda also heavily targeted western companies in the US, Germany, Sweden, the UK, and Australia, and other countries involved in maritime satellite systems, aerospace companies, and defense contractors.

Not surprisingly, embassies and diplomatic missions in the region, foreign intelligence services, and foreign governments with space programs were also targeted.
ObservedSectors: Aerospace, Defense, Engineering, Government, Industrial and NGOs in the green/brown water regions primarily in the area of operations of the South Sea Fleet of the PLA Navy.
Countries: Australia, Germany, Sweden, UK, USA and others.
Tools usedGh0st RAT, Poison Ivy, Torn RAT.
Information<https://www.crowdstrike.com/blog/whois-anchor-panda/>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: Allanite
Next: APT 3, Gothic Panda, Buckeye

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key