Cyber Resilience

Threat actor · all actors

APT3G0022 state-contractor

🇨🇳 CN · MSS · Guangdong Bureau

aka APT3, Gothic Panda, Pirpi, UPS Team, Buckeye, Threat Group-0110, TG-0110

Last updated: 2026-07-03

2attributed CVEs
69ATT&CK techniques
4.4IDF score (tooling uniqueness)
0exclusive CVEs
2017–2021years active

About this actor

[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.(Citation: FireEye Clandestine Wolf)(Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.(Citation: Symantec Buckeye)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2017-6328 5.58.80.02142017-08-11see CVE
CVE-2020-6789 5.57.80.00352021-03-25see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-448 / 6970%
CM-641 / 6959%
CM-234 / 6949%
AC-333 / 6948%
AC-231 / 6945%
AC-631 / 6945%
CM-730 / 6943%
CA-727 / 6939%
SI-327 / 6939%
AC-524 / 6935%
IA-224 / 6935%
AC-422 / 6932%
SC-721 / 6930%
SI-721 / 6930%
CM-520 / 6929%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs

Active in same years

Same nation-state