APT3 · G0022 · state-contractor
🇨🇳 CN · MSS · Guangdong Bureau
aka APT3, Gothic Panda, Pirpi, UPS Team, Buckeye, Threat Group-0110, TG-0110
Last updated: 2026-07-03
About this actor
[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.(Citation: FireEye Clandestine Wolf)(Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.(Citation: Symantec Buckeye)
Source: MITRE ATT&CK
Activity timeline
- 2021 — 1 CVE published
- 2017 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2017-6328 | 5.5 | 8.8 | 0.0214 | 2017-08-11 | see CVE |
| CVE-2020-6789 | 5.5 | 7.8 | 0.0035 | 2021-03-25 | see CVE |

T1003, T1003.001, T1005, T1016, T1018, T1021, T1021.001, T1021.002, T1027, T1027.002, T1027.005, T1033, T1036, T1036.010, T1041, T1049, T1053, T1053.005, T1056, T1056.001, T1057, T1059, T1059.001, T1059.003, T1069, T1070, T1070.004, T1074, T1074.001, T1078, T1078.002, T1082, T1083, T1087, T1087.001, T1090, T1090.002, T1095, T1098, T1098.007, T1104, T1105, T1110, T1110.002, T1136, T1136.001, T1203, T1204, T1204.001, T1218, T1218.011, T1543, T1543.003, T1546, T1546.008, T1547, T1547.001, T1552, T1552.001, T1555, T1555.003, T1560, T1560.001, T1564, T1564.003, T1566, T1566.002, T1574, T1574.001
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 48 / 69 | 70% |
| CM-6 | 41 / 69 | 59% |
| CM-2 | 34 / 69 | 49% |
| AC-3 | 33 / 69 | 48% |
| AC-2 | 31 / 69 | 45% |
| AC-6 | 31 / 69 | 45% |
| CM-7 | 30 / 69 | 43% |
| CA-7 | 27 / 69 | 39% |
| SI-3 | 27 / 69 | 39% |
| AC-5 | 24 / 69 | 35% |
| IA-2 | 24 / 69 | 35% |
| AC-4 | 22 / 69 | 32% |
| SC-7 | 21 / 69 | 30% |
| SI-7 | 21 / 69 | 30% |
| CM-5 | 20 / 69 | 29% |
Co-occurring actors
- APT41 2 shared CVEs
- Deep Panda 2 shared CVEs
- Leviathan 2 shared CVEs
- APT1 2 shared CVEs
- menuPass 2 shared CVEs
- Winnti Group 2 shared CVEs
- APT19 2 shared CVEs
Similar actors
Similar TTPs
- APT39 0.40
- APT41 0.39
- FIN13 0.36
- Wizard Spider 0.35
- Magic Hound 0.34
Overlapping CVEs
- APT1 1.00
- Deep Panda 1.00
- Winnti Group 1.00
- menuPass 1.00
- APT41 1.00
Active in same years
- APT1 2.00
- Deep Panda 2.00
- Lazarus Group 2.00
- Winnti Group 2.00
- menuPass 2.00
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- C0017 1.00
- APT41 DUST 1.00
- RedDelta Modified PlugX Infection Chain Operations 1.00
- APT41 1.00
- Mustang Panda 1.00