Cyber Resilience

Campaign · all campaigns

C0017C0017 state-contractor

🇨🇳 CN · MSS

aka C0017

Run by APT41

Last updated: 2026-07-03

0attributed CVEs
40ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[C0017](https://attack.mitre.org/campaigns/C0017) was an [APT41](https://attack.mitre.org/groups/G0096) campaign conducted between May 2021 and February 2022 that successfully compromised at least six U.S. state government networks through the exploitation of vulnerable Internet facing web applications. During [C0017](https://attack.mitre.org/campaigns/C0017), [APT41](https://attack.mitre.org/groups/G0096) was quick to adapt and use publicly-disclosed as well as zero-day vulnerabilities for initial access, and in at least two cases re-compromised victims following remediation efforts. The goals of [C0017](https://attack.mitre.org/campaigns/C0017) are unknown, however [APT41](https://attack.mitre.org/groups/G0096) was observed exfiltrating Personal Identifiable Information (PII).(Citation: Mandiant APT41)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-429 / 4072%
CM-625 / 4062%
SI-325 / 4062%
CM-224 / 4060%
AC-321 / 4052%
CA-720 / 4050%
AC-219 / 4048%
AC-619 / 4048%
CM-719 / 4048%
AC-415 / 4038%
SC-714 / 4035%
SI-711 / 4028%
AC-510 / 4025%
SI-1010 / 4025%
CM-59 / 4022%

Co-occurring actors

None.

Similar actors