Threat actor · all actors
Deep PandaG0009 state
🇨🇳 CN
aka Deep Panda, Shell Crew, WebMasters, KungFu Kittens, PinkPanther, Black Vine, APT19, Codoso, TEMP.Avengers, Group 13, BRONZE FIRESTONE, G0009, G0073, Pupa, Sunshop Group, Checkered Typhoon
Last updated: 2026-07-03
About this actor
[Deep Panda](https://attack.mitre.org/groups/G0009) is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. (Citation: Alperovitch 2014) The intrusion into healthcare company Anthem has been attributed to [Deep Panda](https://attack.mitre.org/groups/G0009). (Citation: ThreatConnect Anthem) This group is also known as Shell Crew, WebMasters, KungFu Kittens, and PinkPanther. (Citation: RSA Shell Crew) [Deep Panda](https://attack.mitre.org/groups/G0009) also appears to be known as Black Vine based on the attribution of both group names to the Anthem intrusion. (Citation: Symantec Black Vine) Some analysts track [Deep Panda](https://attack.mitre.org/groups/G0009) and [APT19](https://attack.mitre.org/groups/G0073) as the same group, but it is unclear from open source information if the groups are the same. (Citation: ICIT China's Espionage Jul 2016)
Source: MITRE ATT&CK
Activity timeline
- 2021 — 1 CVE published
- 2017 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2017-6328 | 5.5 | 8.8 | 0.0214 | 2017-08-11 | see CVE |
CVE-2020-6789 | 5.5 | 7.8 | 0.0035 | 2021-03-25 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CM-6 | 11 / 17 | 65% |
SI-4 | 11 / 17 | 65% |
AC-3 | 10 / 17 | 59% |
CM-2 | 10 / 17 | 59% |
SI-7 | 10 / 17 | 59% |
AC-2 | 9 / 17 | 53% |
AC-6 | 9 / 17 | 53% |
AC-5 | 8 / 17 | 47% |
CM-7 | 8 / 17 | 47% |
CM-5 | 7 / 17 | 41% |
IA-2 | 7 / 17 | 41% |
SI-10 | 7 / 17 | 41% |
RA-5 | 6 / 17 | 35% |
AC-17 | 5 / 17 | 29% |
SI-2 | 5 / 17 | 29% |
Co-occurring actors
Similar actors
Similar TTPs
- 2016 Ukraine Electric Power Attack 0.22
- Blue Mockingbird 0.21
- ToddyCat 0.20
- CopyKittens 0.19
- APT3 0.18
Overlapping CVEs
- APT1 1.00
- APT3 1.00
- Winnti Group 1.00
- menuPass 1.00
- APT41 1.00
Active in same years
- APT1 2.00
- APT3 2.00
- Lazarus Group 2.00
- Winnti Group 2.00
- menuPass 2.00
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00