Threat Group Cards: A Threat Actor Encyclopedia

APT group: APT 31, Judgment Panda, Zirconium

Names:
APT 31 (Mandiant)
Judgment Panda (CrowdStrike)
Zirconium (Microsoft)
RedBravo (Recorded Future)
Bronze Vinewood (SecureWorks)
Country: China
Sponsor: State-sponsored, Ministry of State Security
Motivation: Information theft and espionage
First seen: 2016
Description: FireEye characterizes APT31 as an actor specializing in intellectual property theft, focusing on data and projects that make a particular organization competitive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government.

Also see Hafnium.
Observed: Countries: Belarus, Canada, Finland, France, Mongolia, Norway, Russia, USA.
Tools used: 9002 RAT, China Chopper, Gh0st RAT, HiKit, PlugX, Sakula RAT, Trochilus RAT.
Operations performed:
Summer 2018: Norway says Chinese group APT31 is behind catastrophic 2018 government hack
<https://therecord.media/norway-says-chinese-group-apt31-is-behind-catastrophic-2018-government-hack/>
Aug 2020: New cyberattacks targeting U.S. elections
<https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/>
<https://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/>
Autumn 2020: Finnish Parliament attackers hack lawmakers’ email accounts
<https://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/>
<https://www.bleepingcomputer.com/news/security/chinese-nation-state-hackers-linked-to-finnish-parliament-hack/>
Apr 2021: APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
<https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-new-attacks/>
Jul 2021: France warns of APT31 cyberspies targeting French organizations
<https://www.bleepingcomputer.com/news/security/france-warns-of-apt31-cyberspies-targeting-french-organizations/>
Information:
<https://blog.confiant.com/uncovering-2017s-largest-malvertising-operation-b84cd38d6b85>
<https://blog.confiant.com/zirconium-was-one-step-ahead-of-chromes-redirect-blocker-with-0-day-2d61802efd0d>
<https://threatpost.com/microsoft-offers-analysis-of-zero-day-being-exploited-by-zirconium-group/124600/>
<https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html>
<https://research.checkpoint.com/2021/the-story-of-jian/>

Last change to this card: 09 August 2021

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
