THREATOPS Actor Dossier
LIVE ← Dashboard

APT3

G00221 reports
aliases · APT3 · Gothic Panda · Pirpi · UPS Team · Buckeye · Threat Group-0110 · TG-0110
Export dossier:
1
Reports
5
Techniques
4
Tactics
2
Countries
100%
Hunt coverage
7
Aliases

Analyst assessment — key judgments

  • Signature techniques: T1053.005 (Scheduled Task), T1204.002 (Malicious File), T1588.006 (Vulnerabilities).
  • Primary targeting: RU, BR.
  • Newly emerged: 1 report(s) in last 30d vs 0 prior (+100%).
  • Recent movement: 5 new technique(s), 82 new infrastructure indicator(s) in the last 30 days.
  • Hunt coverage 100% of 5 observed techniques (0 gap(s)).
  • Assessment confidence: medium (60).

Activity & trend

Newly emergedLast 30d: 1 vs 0 prior (+100%)· first reported 2026-07-03 · last 2026-07-03
0
7d
1
30d
1
90d
1
All
0.1
Rpts/wk
Reporting timeline · 12 months

Movement — last 30 days

New techniques
T1053.005T1204.002T1588.006T1059.001T1589.001
Targeting gained
BRRU
New infrastructure
5d5c3e483c5e544260ce98fc29fbf1927141917cba2eee2b4d31107faccf3a39f5c6434ee5f7578faa3bc1257e1c9226c019797a00fd56edb1f468ac0a598510a0ec7a8e61eff3f445a7455b3aef9fbb7db9c688c620e54e8c69b7e52a7579fb90378881856abfa47d7745c0a3ef9dc81dba3e505491a260a44c867902c3296e1096268fa2b3d454c86cf851cb782319f2ab09d7e7a375a192508a5014aa2ee40041fd1b2358cd08dbcbc28ea8fc3d20894332174f536c2e1efeda05cba79f8b

Overview

Analyst triage
Intelligence summary

APT3 is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.(Citation: FireEye Clandestine Wolf)(Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.(Citation: Symantec Buckeye)

Top co-occurring indicators
    Aliases & naming
      Targeting · countries
        Targeting · named victims

          ATT&CK technique matrix

          Coverage vs hunt library:
          Hunt-coverage gaps — prioritized

            Top techniques by observation

            Threat catalogue · engineering roadmap0

            Flagged detection-engineering queue

            Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.

              No techniques queued yet — flag a gap above to add it here.

              Infrastructure

              IOC type mix
              Tooling / malware families
                Tracked infrastructure

                Relationships

                Related actors (behavioral cluster)
                  Attributed malware
                  Campaigns
                  No behavioral cluster, attributed malware, or campaigns recorded for this actor yet.

                  Activity

                  30-day mention timeline
                  Recent reporting
                  TitleSourceSeverityCollected