HAFNIUM (aka Silk Typhoon, DEV-0322) · APT Atlas
HAFNIUM
APT · CN · China
AKA: Silk Typhoon · DEV-0322 · Operation Exchange Marauder
PRC cluster behind the 2021 Microsoft Exchange ProxyLogon mass exploitation.
Targets: 2
Sectors: 10
Threat types: 1
GIRs covered: 0/480
Active since: 2017
Victimology
Geographic footprint · 2 countries
origin · China
targeted countries · 2
ASIA · 1: United Arab Emirates
AMERICAS · 1: United States
Sectors targeted · 10 of 40
Government · 83 actors
Defense · 60 actors
Financial Services · 61 actors
Healthcare · 38 actors
Technology · 51 actors
Telecom · 57 actors
Education & Research · 50 actors
Legal & Professional · 13 actors
Consulting / Professional Services · 26 actors
Industrials / Engineering · 23 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 33 techniques

Reconnaissance · 3
T1589.002 Email Addresses
T1590 Gather Victim Network Information
T1592.004 Client Configurations

Resource Development · 3
T1583.003 Virtual Private Server
T1583.005 Botnet
T1583.006 Web Services

Initial Access · 2
T1190 Exploit Public-Facing Application
T1199 Trusted Relationship

Execution · 2
T1059.001 PowerShell
T1059.003 Windows Command Shell

Persistence · 1
T1098 Account Manipulation

Privilege Escalation · 1
T1068 Exploitation for Privilege Escalation

Credential Access · 3
T1003.001 LSASS Memory
T1003.003 NTDS
T1555.006 Cloud Secrets Management Stores

Discovery · 5
T1016 System Network Configuration Discovery
T1018 Remote System Discovery
T1033 System Owner/User Discovery
T1057 Process Discovery
T1083 File and Directory Discovery

Lateral Movement · 1
T1550.001 Application Access Token

Collection · 4
T1005 Data from Local System
T1114.002 Remote Email Collection
T1119 Automated Collection
T1560.001 Archive via Utility

Exfiltration · 1
T1567.002 Exfiltration to Cloud Storage

Command and Control · 3
T1071.001 Web Protocols
T1095 Non-Application Layer Protocol
T1105 Ingress Tool Transfer

Stealth · 4
T1078.003 Local Accounts
T1078.004 Cloud Accounts
T1218.011 Rundll32
T1564.001 Hidden Files and Directories

GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.

Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011