{ "id": "cdf7e446-c74a-4d54-a7a8-eb1d1f783a45", "created_at": "2026-04-06T00:17:59.61688Z", "updated_at": "2026-04-10T03:37:58.68988Z", "deleted_at": null, "sha1_hash": "ee58feb36645f22fb3eafd6bb5c08e61fe16831c", "title": "Titan Rain", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 100251, "plain_text": "Titan Rain\r\nBy Contributors to Wikimedia projects\r\nPublished: 2005-08-29 · Archived: 2026-04-02 12:05:24 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nLockheed Martin Aeronautics Discussion\r\nTitan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were\r\nknown to have been ongoing for at least three years.[1] The attacks originated in Guangdong, China.\r\n[2]\r\n The\r\nactivity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation\r\nTitan Rain by the federal government of the United States.\r\nTitan Rain hackers gained access to many United States defense contractor computer networks, which were\r\ntargeted for their sensitive information,[1] including those at Lockheed Martin, Sandia National Laboratories,\r\nRedstone Arsenal, and NASA.\r\nThe attacks are reported to be the result of actions by People's Liberation Army Unit 61398.\r\n[3]\r\n These hackers\r\nattacked both the US government (Defense Intelligence Agency) and the UK government (Ministry of Defence).\r\nIn 2006, an \"organised Chinese hacking group\" shut down a part of the UK House of Commons computer system.\r\n[4]\r\n The Chinese government has denied responsibility.\r\n[citation needed]\r\nThe U.S. government has blamed the Chinese government for the 2004 attacks. Alan Paller, SANS Institute\r\nresearch director, stated that the attacks came from individuals with \"intense discipline\" and that \"no other\r\norganization could do this if they were not a military\". Such sophistication has pointed toward the People's\r\nLiberation Army as the attackers.[5]\r\nTitan Rain reportedly attacked multiple organizations, such as NASA and the FBI. Although no classified\r\ninformation was reported stolen, the hackers were able to steal unclassified information (e.g., information from a\r\nhome computer) that could reveal strengths and weaknesses of the United States.[6]\r\nhttps://en.wikipedia.org/wiki/Titan_Rain\r\nPage 1 of 2\n\nThe U.S. Department of the Treasury, Washington, D.C.\r\nTitan Rain has also caused distrust between other countries (such as the United Kingdom and Russia) and China.\r\nThe United Kingdom has stated officially that Chinese hackers attacked its governmental offices. Titan Rain has\r\ncaused the rest of the world to be more cautious of attacks not just from China but from other countries as well.\r\n[citation needed]\r\nRed Apollo\r\nMoonlight Maze\r\nOperation Aurora\r\nShawn Carpenter\r\nStakkato\r\n1. ^ Jump up to: a\r\n \r\nb\r\n Bodmer, Sean; Kilger, Max; Carpenter, Gregory; Jones, Jade (July 24, 2012). Reverse\r\nDeception: Organized Cyber Threat Counter-Exploitation. New York: McGraw-Hill Osborne Media.\r\nISBN 978-0071772495.\r\n2. ^ Thornburgh, Nathan (2005-08-29). \"The Invasion of the Chinese Cyberspies (And the Man Who Tried to\r\nStop Them)\". Time.\r\n3. ^ \"Connect the Dots on State-Sponsored Cyber Incidents - Titan Rain\".\r\n4. ^ Norton-Taylor, Richard (September 5, 2007). \"Titan Rain - how Chinese hackers targeted Whitehall\".\r\nThe Guardian. Retrieved 2018-05-10.\r\n5. ^ \"The lesson of Titan Rain: Articulate the dangers of cyber attack to upper management\". Homeland\r\nSecurity News Wire. December 14, 2005. Retrieved 2018-05-10.\r\n6. ^ \"The 7 worst cyberattacks in history (that we know about)\". Dvice. September 22, 2010. Archived from\r\nthe original on November 12, 2014.\r\nSource: https://en.wikipedia.org/wiki/Titan_Rain\r\nhttps://en.wikipedia.org/wiki/Titan_Rain\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://en.wikipedia.org/wiki/Titan_Rain" ], "report_names": [ "Titan_Rain" ], "threat_actors": [ { "id": "ec14074c-8517-40e1-b4d7-3897f1254487", "created_at": "2023-01-06T13:46:38.300905Z", "updated_at": "2026-04-10T02:00:02.918468Z", "deleted_at": null, "main_name": "APT10", "aliases": [ "Red Apollo", "HOGFISH", "BRONZE RIVERSIDE", "G0045", "TA429", "Purple Typhoon", "STONE PANDA", "Menupass Team", "happyyongzi", "CVNX", "Cloud Hopper", "ATK41", "Granite Taurus", "POTASSIUM" ], "source_name": "MISPGALAXY:APT10", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "ba9fa308-a29a-4928-9c06-73aafec7624c", "created_at": "2024-05-01T02:03:07.981061Z", "updated_at": "2026-04-10T02:00:03.750803Z", "deleted_at": null, "main_name": "BRONZE RIVERSIDE", "aliases": [ "APT10 ", "CTG-5938 ", "CVNX ", "Hogfish ", "MenuPass ", "MirrorFace ", "POTASSIUM ", "Purple Typhoon ", "Red Apollo ", "Stone Panda " ], "source_name": "Secureworks:BRONZE RIVERSIDE", "tools": [ "ANEL", "AsyncRAT", "ChChes", "Cobalt Strike", "HiddenFace", "LODEINFO", "PlugX", "PoisonIvy", "QuasarRAT", "QuasarRAT Loader", "RedLeaves" ], "source_id": "Secureworks", "reports": null }, { "id": "04b07437-41bb-4126-bcbb-def16f19d7c6", "created_at": "2022-10-25T16:07:24.232628Z", "updated_at": "2026-04-10T02:00:04.906097Z", "deleted_at": null, "main_name": "Stone Panda", "aliases": [ "APT 10", "ATK 41", "Bronze Riverside", "CTG-5938", "CVNX", "Cuckoo Spear", "Earth Kasha", "G0045", "G0093", "Granite Taurus", "Happyyongzi", "Hogfish", "ITG01", "Operation A41APT", "Operation Cache Panda", "Operation ChessMaster", "Operation Cloud Hopper", "Operation Cuckoo Spear", "Operation New Battle", "Operation Soft Cell", "Operation TradeSecret", "Potassium", "Purple Typhoon", "Red Apollo", "Stone Panda", "TA429", "menuPass", "menuPass Team" ], "source_name": "ETDA:Stone Panda", "tools": [ "Agent.dhwf", "Agentemis", "Anel", "AngryRebel", "BKDR_EVILOGE", "BKDR_HGDER", "BKDR_NVICM", "BUGJUICE", "CHINACHOPPER", "ChChes", "China Chopper", "Chymine", "CinaRAT", "Cobalt Strike", "CobaltStrike", "DARKTOWN", "DESLoader", "DILLJUICE", "DILLWEED", "Darkmoon", "DelfsCake", "Derusbi", "Destroy RAT", "DestroyRAT", "Ecipekac", "Emdivi", "EvilGrab", "EvilGrab RAT", "FYAnti", "Farfli", "Gen:Trojan.Heur.PT", "Gh0st RAT", "Ghost RAT", "GreetCake", "HAYMAKER", "HEAVYHAND", "HEAVYPOT", "HTran", "HUC Packet Transmit Tool", "Ham Backdoor", "HiddenFace", "Impacket", "Invoke the Hash", "KABOB", "Kaba", "Korplug", "LODEINFO", "LOLBAS", "LOLBins", "Living off the Land", "MiS-Type", "Mimikatz", "Moudour", "Mydoor", "NBTscan", "NOOPDOOR", "Newsripper", "P8RAT", "PCRat", "PlugX", "Poison Ivy", "Poldat", "PowerSploit", "PowerView", "PsExec", "PsList", "Quarks PwDump", "Quasar RAT", "QuasarRAT", "RedDelta", "RedLeaves", "Rubeus", "SNUGRIDE", "SPIVY", "SharpSploit", "SigLoader", "SinoChopper", "SodaMaster", "Sogu", "TIGERPLUG", "TVT", "Thoper", "Trochilus RAT", "UpperCut", "Vidgrab", "WinRAR", "WmiExec", "Wmonder", "Xamtrav", "Yggdrasil", "Zlib", "certutil", "certutil.exe", "cobeacon", "dfls", "lena", "nbtscan", "pivy", "poisonivy", "pwdump" ], "source_id": "ETDA", "reports": null }, { "id": "ba3fff0c-3ba0-4855-9eeb-1af9ee18136a", "created_at": "2022-10-25T15:50:23.298889Z", "updated_at": "2026-04-10T02:00:05.316886Z", "deleted_at": null, "main_name": "menuPass", "aliases": [ "menuPass", "POTASSIUM", "Stone Panda", "APT10", "Red Apollo", "CVNX", "HOGFISH", "BRONZE RIVERSIDE" ], "source_name": "MITRE:menuPass", "tools": [ "certutil", "FYAnti", "UPPERCUT", "SNUGRIDE", "P8RAT", "RedLeaves", "SodaMaster", "pwdump", "Mimikatz", "PlugX", "PowerSploit", "ChChes", "cmd", "QuasarRAT", "AdFind", "Cobalt Strike", "PoisonIvy", "EvilGrab", "esentutl", "Impacket", "Ecipekac", "PsExec", "HUI Loader" ], "source_id": "MITRE", "reports": null }, { "id": "86fd71d3-06dc-4b73-b038-cedea7b83bac", "created_at": "2022-10-25T16:07:23.330793Z", "updated_at": "2026-04-10T02:00:04.545236Z", "deleted_at": null, "main_name": "APT 17", "aliases": [ "APT 17", "ATK 2", "Beijing Group", "Bronze Keystone", "Deputy Dog", "Elderwood", "Elderwood Gang", "G0025", "G0066", "Operation Aurora", "Operation DeputyDog", "Operation Ephemeral Hydra", "Operation RAT Cook", "SIG22", "Sneaky Panda", "TEMP.Avengers", "TG-8153", "Tailgater Team" ], "source_name": "ETDA:APT 17", "tools": [ "9002 RAT", "AGENT.ABQMR", "AGENT.AQUP.DROPPER", "AGENT.BMZA", "AGENT.GUNZ", "Agent.dhwf", "AngryRebel", "BlackCoffee", "Briba", "Chymine", "Comfoo", "Comfoo RAT", "Darkmoon", "DeputyDog", "Destroy RAT", "DestroyRAT", "Farfli", "Fexel", "Gen:Trojan.Heur.PT", "Gh0st RAT", "Ghost RAT", "Gresim", "HOMEUNIX", "HiKit", "HidraQ", "Homux", "Hydraq", "Jumpall", "Kaba", "Korplug", "Linfo", "MCRAT.A", "McRAT", "MdmBot", "Mdmbot.E", "Moudour", "Mydoor", "Naid", "Nerex", "PCRat", "PNGRAT", "Pasam", "PlugX", "Poison Ivy", "RedDelta", "Roarur", "SPIVY", "Sogu", "TIGERPLUG", "TVT", "Thoper", "Trojan.Naid", "Vasport", "Wiarp", "Xamtrav", "Zox", "ZoxPNG", "ZoxRPC", "gresim", "pivy", "poisonivy" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434679, "ts_updated_at": 1775792278, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/ee58feb36645f22fb3eafd6bb5c08e61fe16831c.pdf", "text": "https://archive.orkl.eu/ee58feb36645f22fb3eafd6bb5c08e61fe16831c.txt", "img": "https://archive.orkl.eu/ee58feb36645f22fb3eafd6bb5c08e61fe16831c.jpg" } }