Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630
APT5, a Chinese cyber espionage group, has been active since at least 2007 and primarily targets telecommunications and technology sectors, with a particular focus on satellite communications. The group has infiltrated organizations in the U.S., Europe, and Asia, targeting regional telecom providers, Asia-based employees of global firms, and military technology. Notably, in 2015, APT5 compromised a U.S. telecommunications company, altering router images and stealing sensitive files related to military technology from a South Asian defense organization. The group employs a wide range of malware, such as BRIGHTCREST and SWEETCOLA, and uses various attack vectors, including keylogging, to access corporate networks and manipulate networking devices' underlying software. APT5's operations often involve multiple subgroups with distinct tactics and infrastructures.