Threat actor · all actors
APT12G0005 unknown
aka APT12, IXESHE, DynCalc, Numbered Panda, DNSCALC
Last updated: 2026-07-03
1attributed CVEs
9ATT&CK techniques
1.2IDF score (tooling uniqueness)
0exclusive CVEs
2026years active
About this actor
[APT12](https://attack.mitre.org/groups/G0005) is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments.(Citation: Meyers Numbered Panda)
Source: MITRE ATT&CK
Activity timeline
- 2026 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
AC-4 | 8 / 9 | 89% |
CA-7 | 8 / 9 | 89% |
SC-7 | 8 / 9 | 89% |
SI-3 | 8 / 9 | 89% |
SI-4 | 8 / 9 | 89% |
CM-2 | 6 / 9 | 67% |
CM-6 | 6 / 9 | 67% |
SC-44 | 5 / 9 | 56% |
CM-7 | 4 / 9 | 44% |
SI-2 | 4 / 9 | 44% |
SI-8 | 4 / 9 | 44% |
SC-20 | 3 / 9 | 33% |
SI-7 | 3 / 9 | 33% |
IA-9 | 2 / 9 | 22% |
SI-10 | 2 / 9 | 22% |
Co-occurring actors
- Mustang Panda 1 shared CVEs
- SolarWinds Compromise 1 shared CVEs
- APT38 1 shared CVEs
- Tonto Team 1 shared CVEs
- Ember Bear 1 shared CVEs
- GOLD SOUTHFIELD 1 shared CVEs
- Aquatic Panda 1 shared CVEs
- APT28 1 shared CVEs
- Sandworm Team 1 shared CVEs
- Ajax Security Team 1 shared CVEs
Similar actors
Similar TTPs
- APT30 0.44
- TA459 0.42
- Elderwood 0.31
- The White Company 0.31
- RTM 0.29
Overlapping CVEs
- C0027 1.00
- APT28 1.00
- FIN7 1.00
- OilRig 1.00
- Tropic Trooper 1.00
Active in same years
- Operation Dream Job 1.00
- SolarWinds Compromise 1.00
- C0027 1.00
- SharePoint ToolShell Exploitation 1.00
- Ke3chang 1.00