APT30
Attribution confidence: High. Threat level: High.
Aliases: Naikon • Bronze Mahogany • Override Panda
APT30 is a threat group with suspected ties to the Chinese government. It has been active for over a decade and focuses on cyber espionage against targets in Southeast Asia and India. The group is notable for consistent, long-running operations built on a well-maintained, customized malware toolset used to steal sensitive political, economic and military information. That sustained activity, together with a coherent development plan for its malware, points to a well-organized, state-sponsored effort. APT30's targeting of government and commercial entities, as well as journalists, aligns with the strategic interests of the Chinese government, particularly in regional security and political issues.

Operationally the group is professional and structured. It uses a two-stage command and control infrastructure for stealth and scalability, and fields a range of custom malware, including the BACKSPACE and NETEAGLE backdoors and tools designed to exfiltrate data from air-gapped networks. Notable campaigns often coincide with significant political events such as ASEAN summits, and its social engineering lures are tailored to regional political and military themes. That the group has operated for so long without significant changes to its core tools and tactics underscores both the effectiveness of those tools and the persistent nature of its mission.
Target Sectors: government, commercial entities, journalists
Target Regions: Southeast Asia, India
Attributed to State-Sponsored (China). Attribution confidence: High.
Future Outlook
APT30 is expected to continue operations against government targets in its established regions of interest.
Activity timeline: first observed activity more than a decade ago (no exact date given on this page); operations ongoing.