APT27
High Confidence • High Threat
Also known as: Emissary Panda • Lucky Mouse • Bronze Union • Silk Typhoon • Budworm • Circle Typhoon (+2 more)
APT27, also known as Emissary Panda, Lucky Mouse, and Bronze Union, is a highly sophisticated and active cyber espionage group with strong suspected links to the Chinese government. Active since at least 2010, the group has a long history of targeting a wide range of industries for intellectual property theft and data exfiltration. Their primary motivation appears to be espionage, aligning with the strategic interests of the Chinese state, although some reports suggest a secondary motivation of financial gain. The group is known for its technical prowess, employing a diverse arsenal of custom malware and tools, as well as publicly available utilities. They have a track record of leveraging zero-day vulnerabilities and sophisticated tactics, techniques, and procedures (TTPs) to achieve their objectives. APT27's operational tempo has remained high over the years, with the group continuously evolving its toolset and methodologies to evade detection and maintain persistence in victim networks. Their global reach and focus on high-value targets make them a significant and persistent threat in the cyber landscape.
Target Sectors
Target Regions
Attributed to State-Sponsored (China). Attribution confidence: High.
Future Outlook
APT27 is expected to continue operations targeting Government.
First observed activity
Ongoing operations