UNC3886 · APT Atlas
UNC3886
APT
CN · China
Targets · 16
Sectors · 2
Threat types · 1
GIRs covered · 0/480
Active since · —
Victimology
Geographic footprint · 16 countries
origin · China
targeted countries · 16
ASIA · 7: Armenia · India · Philippines · Singapore · Türkiye · Taiwan · Vietnam
OCEANIA · 1: Australia
EUROPE · 5: Switzerland · Spain · France · Ireland · Liechtenstein
AMERICAS · 2: Chile · United States
AFRICA · 1: South Africa
Sectors targeted · 2 of 40
Aerospace · 49 actors
Telecom · 57 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 39 techniques
Reconnaissance · 1
T1681 Search Threat Vendor Data
Initial Access · 1
T1190 Exploit Public-Facing Application
Execution · 7
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1059.004 Unix Shell
T1059.006 Python
T1059.012 Hypervisor CLI
T1203 Exploitation for Client Execution
T1675 ESXi Administration Command
Persistence · 3
T1037 Boot or Logon Initialization Scripts
T1037.004 RC Scripts
T1554 Compromise Host Software Binary
Privilege Escalation · 2
T1068 Exploitation for Privilege Escalation
T1548 Abuse Elevation Control Mechanism
Credential Access · 4
T1003.001 LSASS Memory
T1040 Network Sniffing
T1212 Exploitation for Credential Access
T1555.005 Password Managers
Discovery · 4
T1057 Process Discovery
T1083 File and Directory Discovery
T1124 System Time Discovery
T1673 Virtual Machine Discovery
Lateral Movement · 2
T1021.004 SSH
T1570 Lateral Tool Transfer
Collection · 2
T1560.001 Archive via Utility
T1560.003 Archive via Custom Method
Command And Control · 2
T1008 Fallback Channels
T1095 Non-Application Layer Protocol
Defense Impairment · 3
T1685 Disable or Modify Tools
T1686 Disable or Modify System Firewall
T1690 Prevent Command History Logging
Stealth · 8
T1014 Rootkit
T1036.004 Masquerade Task or Service
T1070.004 File Deletion
T1078 Valid Accounts
T1205 Traffic Signaling
T1205.001 Port Knocking
T1218.011 Rundll32
T1564.011 Ignore Process Interrupts
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011