Cyber Resilience

Threat actor · all actors

LeviathanG0065 state

🇨🇳 CN · MSS · Hainan Bureau

aka Leviathan, MUDCARP, Kryptonite Panda, Gadolinium, BRONZE MOHAWK, TEMP.Jumper, APT40, TEMP.Periscope, Gingham Typhoon, G0065, ATK29, TA423, Red Ladon, ITG09, ISLANDDREAMS

Last updated: 2026-07-03

3attributed CVEs
73ATT&CK techniques
5.7IDF score (tooling uniqueness)
0exclusive CVEs
2017–2026years active

About this actor

[Leviathan](https://attack.mitre.org/groups/G0065) is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry of State Security's (MSS) Hainan State Security Department and an affiliated front company.(Citation: CISA AA21-200A APT40 July 2021) Active since at least 2009, [Leviathan](https://attack.mitre.org/groups/G0065) has targeted the following sectors: academia, aerospace/aviation, biomedical, defense industrial base, government, healthcare, manufacturing, maritime, and transportation across the US, Canada, Australia, Europe, the Middle East, and Southeast Asia.(Citation: CISA AA21-200A APT40 July 2021)(Citation: Proofpoint Leviathan Oct 2017)(Citation: FireEye Periscope March 2018)(Citation: CISA Leviathan 2024)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2017-6328 5.58.80.02142017-08-11see CVE
CVE-2020-6789 5.57.80.00352021-03-25see CVE
CVE-2026-20929 5.57.50.01142026-01-13see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-441 / 7356%
CM-637 / 7351%
CM-232 / 7344%
SI-332 / 7344%
AC-328 / 7338%
AC-628 / 7338%
SC-728 / 7338%
AC-426 / 7336%
CA-726 / 7336%
CM-726 / 7336%
AC-223 / 7332%
SI-220 / 7327%
AC-518 / 7325%
CM-518 / 7325%
IA-218 / 7325%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs

Same nation-state