List of the top 20 Advanced Persistent Threat Groups.
Advanced Persistent Threat Group APT1, also known as the Comment Crew, is a Chinese cyber espionage group that has been active since at least 2006. The group is believed to be associated with the Chinese military’s Unit 61398 and is thought to have stolen hundreds of terabytes of data from dozens of organizations around the world.
The group is known to use a variety of techniques to gain access to their victims’ networks, including spear phishing, malware, and exploits. The group has been linked to a number of high-profile attacks, including the 2014 attack on the US Office of Personnel Management, and is believed to be responsible for a large portion of the cyber espionage taking place in China.
Advanced Persistent Threat Group Putter Panda, also known as APT2 and TG-6952, is a Chinese advanced persistent threat (APT) group associated with Unit 61486 of the 12th Bureau of the PLA’s 3rd General Staff Department.
Putter Panda is believed to have been operational since at least 2010 and is known to target technology firms, telecommunications companies, and space firms in the United States, Japan, and Europe. The group is known to use a variety of malicious tools such as malware, malware droppers, backdoors, and remote access Trojans to compromise their targets. Putter Panda has also been observed using spear-phishing campaigns and zero-day exploits to gain access to target systems.
Advanced Persistent Threat Group APT3 (also known as Gothic Panda, Pirpi, Buckeye) is a China-based threat group that was first discovered in 2010. The group is linked to the Chinese Ministry of State Security and is responsible for cyber espionage operations targeting a wide range of organizations across multiple sectors.
APT3 is known for its advanced and highly targeted attack techniques, as well as its use of custom tools and malware. It has been linked to operations targeting companies in the United States, Japan, South Korea, and other countries.
APT3 has been known to use zero-day exploits, stolen digital certificates, spear-phishing emails, malicious websites, and other techniques to gain access to target systems and networks.
Advanced Persistent Threat Group APT4 Tsar Team is a cyber threat group believed to be operating out of China. The group, also known as Sednit, Fancy Bear, and Group 74, is believed to be connected with the PLA Navy. It is known for engaging in cyber espionage, stealing confidential information and data from government and military organizations worldwide.
The group has also been linked to cyber-attacks against the US government and other organizations. It is known for using sophisticated malware, tools, and techniques to compromise systems and gain access to sensitive data, and for using spear-phishing emails with malicious attachments to spread its malware.
Advanced Persistent Threat Group APT5 Red Apollo is a cyber espionage group that is believed to be operating out of China. The group has been active since at least 2010 and is focused on stealing sensitive information from organizations in the United States, Japan, and South Korea.
The group is known to leverage a variety of malicious tools and techniques, including spear phishing campaigns, malicious document exploitation, and custom backdoors. APT5 Red Apollo has also been observed using compromised websites as part of its infrastructure.
Advanced Persistent Threat Group APT6 RedEcho is a cyber-espionage campaign targeting India’s power grid. The group is believed to be associated with the Chinese government and is thought to have extensively infiltrated the Indian power grid.
The primary goal of the campaign is to gather intelligence, but the group has also been seen attempting to manipulate the power grid. The campaign is thought to have begun in early 2020 and remains active.
Advanced Persistent Threat Group APT7, also known as the Codoso Team, is a China-based threat group that has been active since at least 2013. The group is known for targeting a wide range of industries, including military, government, financial, and high-tech sectors.
APT7 has been linked to a number of sophisticated cyber espionage activities, including the theft of sensitive information. The group has been linked to attacks on organizations in multiple countries, including the United States, United Kingdom, India, and Japan. The group is known to use a variety of tools, including custom malware, to conduct its operations.
Advanced Persistent Threat Group APT8 Shell Crew is a cybercriminal group believed to be based in China. The group is also known as WebMasters, KungFu Kittens, PinkPanther, and Black Vine. The group is believed to be affiliated with the Chinese government and is responsible for a range of cyberattacks targeting government and commercial organizations.
The group is known to use a variety of malicious tools, including web shells and spear phishing emails with malicious attachments or links. They are also known to use the ‘China Chopper’ web shell in their attacks. The ultimate goal of the group’s cyber operations is to steal confidential information and intellectual property.
Advanced Persistent Threat Group APT9 Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia. It is believed to be connected to the Chinese government and to have been active since at least 2009.
The group has been known to use multiple malware tools, including a custom malware called ‘El Machete’, as well as zero-day exploits and spear-phishing techniques to target its victims. The group has been observed engaging in espionage and intellectual property theft.
Advanced Persistent Threat Group APT10 Stone Panda, also known as CVNX and Red Apollo, is a Chinese state-sponsored threat actor operating since at least 2013. It is believed to be part of the Tianjin bureau of the Chinese Ministry of State Security and has been linked to multiple intrusions against organizations in the United States, Europe, Southeast Asia, and Japan.
APT10 is known for its use of sophisticated malware and techniques that allow it to gain persistent access to target networks and exfiltrate data. It is also known for its use of web shells and compromised credentials for lateral movement within a network. APT10 is believed to be targeting a range of sectors, including government, finance, telecommunications, and defense.
Advanced Persistent Threat Group APT11 is a Chinese advanced persistent threat (APT) group that has been active since at least 2006. The group is known to target a variety of sectors, including construction and engineering, aerospace, telecom, and government organizations.
It is believed to be associated with the Chinese government and to be responsible for a variety of cyber-espionage activities, including data theft. The group is also known to use custom malware, including custom backdoors, to achieve its goals.
Advanced Persistent Threat Group APT12 Wicked Panda is a China-based threat group that has been active since 2009. It is believed to be connected to the Chinese government and has been responsible for targeting media outlets, government organizations, and businesses.
The group has been known to deploy malware, including Trojans, in order to steal data. Additionally, it has been known to use phishing attacks in order to gain access to victims’ systems.
APT12 Wicked Panda is believed to be connected to the larger APT41 threat group, which has also been known to target government organizations and businesses.
Advanced Persistent Threat Group APT13 (a.k.a. LuckyMouse) is a threat group that has been active since at least 2010. It is believed to be based in China and has targeted victims in the Middle East, Central Asia, and South Asia.
The group has been known to use spear-phishing and malware such as PlugX, Poison Ivy, and more recently, the Lokibot malware. APT13 has been known to target government entities, aerospace, and energy organizations, as well as media and financial institutions.
Its operations have been linked to other China-based threat actors such as Emissary Panda and Tonto Team.
Advanced Persistent Threat Group APT14, also known as Wild Neutron, is a China-based advanced persistent threat (APT) group that has been active since at least 2013. The group is believed to be responsible for a number of high-profile attacks, including Operation Clandestine Fox, Operation Poisoned Hurricane, and Operation Night Dragon.
The group has targeted a variety of organizations, including governments, military, and private sector companies, primarily in the United States, Europe, and Asia. APT14 primarily uses spear-phishing emails to deliver malicious payloads, as well as exploiting publicly known software vulnerabilities to gain access to target networks. The group has been observed using a variety of malicious tools, including the PlugX, PoisonIvy, and QuarkBandit remote access tools, as well as various custom malware payloads.
Advanced Persistent Threat Group APT15 (also known as Ke3chang, Mirage, Vixen Panda, Playful Dragon, Metushy, Lurid, Social Network Team, RoyalAPT, BRONZE PALACE, BRONZE DAVENPORT, and Nickel) is a threat group believed to be operating out of China. APT15 is associated with multiple cyberespionage campaigns targeting various high-profile organizations around the world.
The group has used a variety of techniques, including exploiting known vulnerabilities, malicious emails, spear-phishing, and backdoor malware. The group has used a variety of malicious tools, such as the backdoor malware called Okrum and the MirageFox malware. APT15 is believed to be responsible for stealing sensitive documents from organizations in a number of sectors, including government, defense, and technology.
APT15 has been active since at least 2012 and is known to target Windows systems.
Advanced Persistent Threat Group APT16 is a China-based threat group that first emerged in 2015. The group has been attributed to the Chinese government and has targeted a variety of industries, including government, defense, telecommunications, and finance.
The group has been observed using spear-phishing campaigns and compromised websites to deliver malicious payloads. APT16 has also been observed using a variety of custom tools, including the China Chopper web shell, the PcShare remote access tool, and the PlugX backdoor.
APT16 has also been observed using a variety of attack methods, such as exploiting known vulnerabilities, using zero-day exploits, and using ransomware.
Advanced Persistent Threat Group APT17, also known as Deputy Dog or Axiom, is a Chinese state-sponsored threat group that has been active since 2009. They have been found to target a wide range of entities, from U.S. government entities and the defense industry to law firms and Japanese entities.
The group is believed to be responsible for Operation SMN, which targeted various organizations in 2013, as well as Operation DeputyDog, which targeted Japanese entities in 2017. The group typically attempts to gain initial access to a target system through exploitation or phishing, and then uses various tactics to maintain access, such as malware, web shells, and privilege escalation.
Additionally, APT17 has been found to use zero-day exploits, making them particularly dangerous.
Advanced Persistent Threat Group APT18 Group 72 is a threat group that has been active since at least 2009, targeting a wide range of industries including technology, finance, and media. The group is believed to be affiliated with the Chinese government and has been linked to the Night Dragon and Nitro operations.
The group uses a range of techniques such as spear phishing, custom malware, watering hole attacks, and zero-day exploits to gain access to victims’ systems. Targets have included government agencies, corporations, and individuals. The group is known to be highly sophisticated and has used advanced techniques to remain undetected.
Advanced Persistent Threat Group APT19, also known as Codoso, Sunshop Group, Bronze Firestone, and C0d0so0, is a threat group that has been active since at least 2013 and is believed to be based in China. The group is known to target a variety of industries, from government and military organizations to private companies. The group is also known to use malicious tools such as the PlugX remote access Trojan and the Turbine Panda backdoor.
TG-3390 is a threat group that is believed to be associated with APT19. The group is known to use a variety of malicious tools and techniques, such as spear phishing campaigns, malware, and backdoor Trojans. The group has also been linked to a number of campaigns targeting a variety of industries, including government and military organizations.
Advanced Persistent Threat Group APT20, also known as Cloud Hopper, is a cyber espionage campaign that has been attributed to Chinese state-affiliated hackers. The campaign has been active since at least 2014, and is believed to have targeted numerous technology service providers around the world.
The hackers have used a variety of techniques to gain access to networks, including malware, phishing campaigns, and exploitation of known vulnerabilities. The attackers have been known to use some of the same tools as other Chinese state-sponsored groups, including “PlugX” malware and “Hikit” backdoors.
APT20 has been reported to have targeted both government and private businesses in the US, UK, Japan, and other countries. The campaign is believed to be responsible for stealing large amounts of data, including intellectual property and other sensitive information.