APT27 (aka Group 35, BRONZE UNION) · APT Atlas
APT27
APT · CN · China
AKA: Group 35 · BRONZE UNION · Earth Smilodon · Iron Tiger · ZipToken · LuckyMouse · Threat Group 3390
CrowdStrike: EMISSARY PANDA
Secureworks: TG-3390
Targets: 23
Sectors: 11
Threat types: 1
GIRs covered: 0/480
Active since: 2010
Victimology
Geographic footprint · 23 countries
origin · China
targeted countries · 23
ASIA · 13: United Arab Emirates · Israel · India · Iran · Kuwait · Kazakhstan · Philippines · Qatar · Saudi Arabia · Singapore · Thailand · Türkiye · Taiwan
AMERICAS · 3: Argentina · Canada · United States
EUROPE · 6: Germany · Spain · France · United Kingdom · Serbia · Ukraine
AFRICA · 1: Tunisia
Sectors targeted · 11 of 40
Government · 83 actors
Aerospace · 49 actors
Healthcare · 38 actors
Technology · 51 actors
Telecom · 57 actors
Retail & Hospitality · 25 actors
NGOs & Dissidents · 47 actors
Consulting / Professional Services · 26 actors
Industrials / Engineering · 23 actors
Private Sector (generic) · 28 actors
Maritime · 21 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 40 techniques

Initial Access · 5
T1189 Drive-by Compromise
T1190 Exploit Public-Facing Application
T1195.002 Compromise Software Supply Chain
T1199 Trusted Relationship
T1566.001 Spearphishing Attachment

Execution · 5
T1047 Windows Management Instrumentation
T1053.002 At
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1203 Exploitation for Client Execution

Persistence · 2
T1543.003 Windows Service
T1547.001 Registry Run Keys / Startup Folder

Privilege Escalation · 1
T1068 Exploitation for Privilege Escalation

Credential Access · 4
T1003.001 LSASS Memory
T1003.002 Security Account Manager
T1003.004 LSA Secrets
T1555.005 Password Managers

Discovery · 6
T1012 Query Registry
T1016 System Network Configuration Discovery
T1018 Remote System Discovery
T1033 System Owner/User Discovery
T1046 Network Service Discovery
T1049 System Network Connections Discovery

Lateral Movement · 2
T1021.006 Windows Remote Management
T1210 Exploitation of Remote Services

Collection · 3
T1005 Data from Local System
T1119 Automated Collection
T1560.002 Archive via Library

Exfiltration · 2
T1030 Data Transfer Size Limits
T1567.002 Exfiltration to Cloud Storage

Command And Control · 2
T1071.001 Web Protocols
T1105 Ingress Tool Transfer

Defense Impairment · 1
T1112 Modify Registry

Stealth · 7
T1027.002 Software Packing
T1027.015 Compression
T1055.012 Process Hollowing
T1070.004 File Deletion
T1070.005 Network Share Connection Removal
T1078 Valid Accounts
T1140 Deobfuscate/Decode Files or Information

GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.

Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011