🫐

APT5

Aliases

Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630

Tags

State-Sponsored

Attribution

🇨🇳

References

https://www.mandiant.com/resources/insights/apt-groupshttps://attack.mitre.org/groups/G1023/

Last edited

Oct 14, 2024 1:02 PM

Status

Finalized

Cloud-fluent

Unique Tools

BRIGHTCRESTSWEETCOLA

Targeted geography

United States/North AmericaEuropeAsia

Targeted industries

TelecommunicationTechnological

APT5, a Chinese cyber espionage group, has been active since at least 2007 and primarily targets telecommunications and technology sectors, with a particular focus on satellite communications. The group has infiltrated organizations in the U.S., Europe, and Asia, targeting regional telecom providers, Asia-based employees of global firms, and military technology. Notably, in 2015, APT5 compromised a U.S. telecommunications company, altering router images and stealing sensitive files related to military technology from a South Asian defense organization. The group employs a wide range of malware, such as BRIGHTCREST and SWEETCOLA, and uses various attack vectors, including keylogging, to access corporate networks and manipulate networking devices' underlying software. APT5's operations often involve multiple subgroups with distinct tactics and infrastructures.