APT5
G10231 reportsAnalyst assessment — key judgments
- Signature techniques: T1053.005 (Scheduled Task), T1204.002 (Malicious File), T1588.006 (Vulnerabilities).
- Primary targeting: RU, BR.
- Newly emerged: 1 report(s) in last 30d vs 0 prior (+100%).
- Recent movement: 5 new technique(s), 82 new infrastructure indicator(s) in the last 30 days.
- Hunt coverage 100% of 5 observed techniques (0 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
Movement — last 30 days
Overview
APT5 is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. APT5 has displayed advanced tradecraft and significant interest in compromising networking devices and their underlying software including through the use of zero-day exploits.(Citation: NSA APT5 Citrix Threat Hunting December 2022)(Citation: Microsoft East Asia Threats September 2023)(Citation: Mandiant Pulse Secure Zero-Day April 2021)(Citation: Mandiant Pulse Secure Update May 2021)(Citation: FireEye Southeast Asia Threat Landscape March 2015)(Citation: Mandiant Advanced Persistent Threats)
ATT&CK technique matrix
- T1053.005 · Scheduled Taskconf 601
- T1204.002 · Malicious Fileconf 601
- T1588.006 · Vulnerabilitiesconf 601
- T1059.001 · PowerShellconf 601
- T1589.001 · Credentialsconf 601
Threat catalogue · engineering roadmap
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
Relationships
Activity
| Title | Source | Severity | Collected |
|---|