Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial
Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.
Verticals Targeted: Critical Infrastructure, Communications, Manufacturing, Utility, Transportation, Construction, Maritime, Government, Information Technology, Education
Volt Typhoon was discovered targeting critical infrastructure entities in the US mainland and Guam. Volt Typhoon maintained stealth throughout this espionage campaign.
Related Families: Croxloader, SPHijacker, Behinder
Verticals Targeted: Government, Healthcare, Technology, Manufacturing
Earth Longzhi, a Winnti subgroup, was recently observed using new TTPs, including a novel technique dubbed stack rumbling.
Related Families: Sword2033
The China-nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.
Verticals Targeted: Energy
A recent Bitter APT campaign targeted nuclear energy entities in China. The threat actors used multiple techniques to obtain access to the victim machine, maintain persistence, and download and execute next-stage payloads.
This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report provides highlights of activity perpetrated by China-based threat actors in 2022.
- This report highlights activity perpetrated by China-based threat actors in 2022.
- Threat actors featured in this report include Keyhole Panda, Stone Panda, Deep Panda, Twisted Panda, Vixen Panda, Pirate Panda, Aquatic Panda, Wicked Panda, Mustang Panda, Emissary Panda, Kryptonite Panda, Lotus Panda, TA410, Red Menshen, Scarab, Aoquin Dragon, and Lotus Blossom.
- PolySwarm tracked malware associated with multiple China-nexus threat actors in 2022.