APT 31, Judgment Panda, Zirconium
Archived: 2026-04-05 22:51:06 UTC
Home > List all groups > APT 31, Judgment Panda, Zirconium
 APT group: APT 31, Judgment Panda, Zirconium
Names
APT 31 (Mandiant)
Judgment Panda (CrowdStrike)
Zirconium (Microsoft)
RedBravo (Recorded Future)
Bronze Vinewood (SecureWorks)
TA412 (Proofpoint)
Violet Typhoon (Microsoft)
Red Keres (PWC)
G0128 (MITRE)
Country China
Sponsor State-sponsored, Ministry of State Security
Motivation Information theft and espionage
First seen 2016
Description
FireEye characterizes APT31 as an actor specialized on intellectual property theft,
focusing on data and projects that make a particular organization competetive in its
field. Based on available data (April 2016), FireEye assesses that APT31 conducts
network operations at the behest of the Chinese Government.
Also see Hafnium.
Observed
Countries: Belarus, Canada, Czech, Finland, France, Mongolia, Norway, Russia,
UK, USA.
Tools used
9002 RAT, China Chopper, Gh0st RAT, GrewApacha, HiKit, PlugX, Sakula RAT,
Trochilus RAT.
Operations performed
Summer 2018
Norway says Chinese group APT31 is behind catastrophic 2018
government hack
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e3e29e0b-f472-4a46-bbb7-d328b2348fcf
Page 1 of 3

Aug 2020
New cyberattacks targeting U.S. elections
Autumn 2020
Finnish Parliament attackers hack lawmakers’ email accounts
Early 2021
Tracing State-Aligned Activity Targeting Journalists, Media
Apr 2021
APT31 new dropper. Target destinations: Mongolia, Russia, the
U.S., and elsewhere
Jul 2021
France warns of APT31 cyberspies targeting French organizations
2022
Czechia blames China for Ministry of Foreign Affairs cyberattack
Feb 2022
In February, we detected an APT31 phishing campaign targeting
high profile Gmail users affiliated with the U.S. government.
Apr 2022
Hackers use new malware to breach air-gapped devices in Eastern
Europe
Counter operations Mar 2024 Treasury Sanctions China-Linked Hackers for Targeting U.S.
Critical Infrastructure
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e3e29e0b-f472-4a46-bbb7-d328b2348fcf
Page 2 of 3

Information
MITRE ATT&CK Last change to this card: 16 August 2025
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e3e29e0b-f472-4a46-bbb7-d328b2348fcf
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e3e29e0b-f472-4a46-bbb7-d328b2348fcf
Page 3 of 3