Cyber Resilience

Threat actor · all actors

APT1G0006 state

🇨🇳 CN · PLA · Unit 61398

aka APT1, Comment Crew, Comment Group, Comment Panda, PLA Unit 61398, Byzantine Candor, Group 3, TG-8223, Brown Fox, GIF89a, ShadyRAT, G0006

Last updated: 2026-07-03

2attributed CVEs
36ATT&CK techniques
4.4IDF score (tooling uniqueness)
0exclusive CVEs
2017–2021years active

About this actor

[APT1](https://attack.mitre.org/groups/G0006) is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. (Citation: Mandiant APT1)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2017-6328 5.58.80.02142017-08-11see CVE
CVE-2020-6789 5.57.80.00352021-03-25see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-421 / 3658%
CM-619 / 3653%
CM-216 / 3644%
AC-313 / 3636%
AC-212 / 3633%
SI-312 / 3633%
AC-611 / 3631%
CM-710 / 3628%
AC-49 / 3625%
IA-29 / 3625%
SI-79 / 3625%
AC-178 / 3622%
CA-78 / 3622%
AC-57 / 3619%
CM-57 / 3619%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs

Active in same years

Same nation-state