Cyber Resilience

Campaign · all campaigns

Leviathan Australian IntrusionsC0049 state

🇨🇳 CN · MSS · Hainan Bureau

aka Leviathan Australian Intrusions

Run by Leviathan

Last updated: 2026-07-03

0attributed CVEs
32ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Leviathan Australian Intrusions](https://attack.mitre.org/campaigns/C0049) consisted of at least two long-term intrusions against victims in Australia by [Leviathan](https://attack.mitre.org/groups/G0065), relying on similar tradecraft such as external service exploitation followed by extensive credential capture and re-use to enable privilege escalation and lateral movement. [Leviathan Australian Intrusions](https://attack.mitre.org/campaigns/C0049) were focused on exfiltrating sensitive data including valid credentials for the victim organizations.(Citation: CISA Leviathan 2024)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
CM-621 / 3266%
SI-421 / 3266%
AC-219 / 3259%
AC-619 / 3259%
IA-217 / 3253%
AC-316 / 3250%
AC-516 / 3250%
CM-216 / 3250%
CA-715 / 3247%
CM-514 / 3244%
RA-512 / 3238%
IA-511 / 3234%
AC-410 / 3231%
CM-710 / 3231%
SC-79 / 3228%

Co-occurring actors

None.

Similar actors

Same nation-state