Cyber Resilience


Deep Panda · G0009 · state

🇨🇳 CN

aka Deep Panda, Shell Crew, WebMasters, KungFu Kittens, PinkPanther, Black Vine, APT19, Codoso, TEMP.Avengers, Group 13, BRONZE FIRESTONE, G0009, G0073, Pupa, Sunshop Group, Checkered Typhoon

Last updated: 2026-07-03

- 2 attributed CVEs
- 17 ATT&CK techniques
- 4.4 IDF score (tooling uniqueness)
- 0 exclusive CVEs
- 2017–2021 years active

About this actor

[Deep Panda](https://attack.mitre.org/groups/G0009) is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. (Citation: Alperovitch 2014) The intrusion into healthcare company Anthem has been attributed to [Deep Panda](https://attack.mitre.org/groups/G0009). (Citation: ThreatConnect Anthem) This group is also known as Shell Crew, WebMasters, KungFu Kittens, and PinkPanther. (Citation: RSA Shell Crew) [Deep Panda](https://attack.mitre.org/groups/G0009) also appears to be known as Black Vine based on the attribution of both group names to the Anthem intrusion. (Citation: Symantec Black Vine) Some analysts track [Deep Panda](https://attack.mitre.org/groups/G0009) and [APT19](https://attack.mitre.org/groups/G0073) as the same group, but it is unclear from open source information if the groups are the same. (Citation: ICIT China's Espionage Jul 2016)

Source: MITRE ATT&CK

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
| --- | --- | --- | --- | --- | --- |
| CVE-2017-6328 | 5.5 | 8.8 | 0.0214 | 2017-08-11 | see CVE |
| CVE-2020-6789 | 5.5 | 7.8 | 0.0035 | 2021-03-25 | see CVE |

Mitigating controls (NIST 800-53)

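| Control | Techniques covered | Coverage |
| --- | --- | --- |
| CM-6 | 11 / 17 | 65% |
| SI-4 | 11 / 17 | 65% |
| AC-3 | 10 / 17 | 59% |
| CM-2 | 10 / 17 | 59% |
| SI-7 | 10 / 17 | 59% |
| AC-2 | 9 / 17 | 53% |
| AC-6 | 9 / 17 | 53% |
| AC-5 | 8 / 17 | 47% |
| CM-7 | 8 / 17 | 47% |
| CM-5 | 7 / 17 | 41% |
| IA-2 | 7 / 17 | 41% |
| SI-10 | 7 / 17 | 41% |
| RA-5 | 6 / 17 | 35% |
| AC-17 | 5 / 17 | 29% |
| SI-2 | 5 / 17 | 29% |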
