Campaign · all campaigns
Leviathan Australian IntrusionsC0049 state
🇨🇳 CN · MSS · Hainan Bureau
aka Leviathan Australian Intrusions
Run by Leviathan
Last updated: 2026-07-03
About this actor
[Leviathan Australian Intrusions](https://attack.mitre.org/campaigns/C0049) consisted of at least two long-term intrusions against victims in Australia by [Leviathan](https://attack.mitre.org/groups/G0065), relying on similar tradecraft such as external service exploitation followed by extensive credential capture and re-use to enable privilege escalation and lateral movement. [Leviathan Australian Intrusions](https://attack.mitre.org/campaigns/C0049) were focused on exfiltrating sensitive data including valid credentials for the victim organizations.(Citation: CISA Leviathan 2024)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CM-6 | 21 / 32 | 66% |
SI-4 | 21 / 32 | 66% |
AC-2 | 19 / 32 | 59% |
AC-6 | 19 / 32 | 59% |
IA-2 | 17 / 32 | 53% |
AC-3 | 16 / 32 | 50% |
AC-5 | 16 / 32 | 50% |
CM-2 | 16 / 32 | 50% |
CA-7 | 15 / 32 | 47% |
CM-5 | 14 / 32 | 44% |
RA-5 | 12 / 32 | 38% |
IA-5 | 11 / 32 | 34% |
AC-4 | 10 / 32 | 31% |
CM-7 | 10 / 32 | 31% |
SC-7 | 9 / 32 | 28% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Operation Wocao 0.20
- Cutting Edge 0.19
- Anthropic AI-orchestrated Campaign 0.19
- Agrius 0.19
- Moses Staff 0.18
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00