Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source

By Natto Team
Published: 2024-09-04 · Archived: 2026-04-05 15:18:01 UTC

At the end of May, the Natto Team looked into threat group APT41’s reconnaissance techniques and toolkit. As we continue our ongoing research on Chinese threat groups, we discovered several other Chinese threat groups using reconnaissance techniques and tools similar to those APT41 used, such as Nmap, a free and open-source network scanner. We also came across reconnaissance techniques and scanning tools that were unique to some of the Chinese threat groups. In addition, like APT41, Chinese threat groups heavily use open-source and locally developed tools, whether well-known security tools or customized malware.

[Figure: Tools, malware, threat groups and threat campaigns mentioned in this report. Source: Natto Thoughts]

At least three Chinese state threat groups, including APT10 (a.k.a. menuPass, Stone Panda, POTASSIUM (Purple Typhoon)); GALLIUM (a.k.a. Granite Typhoon), and Stately …

Source: https://nattothoughts.substack.com/p/reconnaissance-scanning-tools-used