Threat actor · all actors
ElderwoodG0066 state
🇨🇳 CN
aka Elderwood, Elderwood Gang, Beijing Group, Sneaky Panda, SIG22, G0066
Last updated: 2026-07-03
1attributed CVEs
12ATT&CK techniques
3.6IDF score (tooling uniqueness)
0exclusive CVEs
2026years active
About this actor
[Elderwood](https://attack.mitre.org/groups/G0066) is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora. (Citation: Security Affairs Elderwood Sept 2012) The group has targeted defense organizations, supply chain manufacturers, human rights and nongovernmental organizations (NGOs), and IT service providers. (Citation: Symantec Elderwood Sept 2012) (Citation: CSM Elderwood Sept 2012)
Source: MITRE ATT&CK
Activity timeline
- 2026 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2026-8732 | 7.0 | 9.8 | 0.0946 | 2026-05-29 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-3 | 12 / 12 | 100% |
SI-4 | 11 / 12 | 92% |
AC-4 | 9 / 12 | 75% |
CA-7 | 9 / 12 | 75% |
CM-2 | 9 / 12 | 75% |
CM-6 | 9 / 12 | 75% |
SC-7 | 9 / 12 | 75% |
SI-2 | 8 / 12 | 67% |
SC-44 | 7 / 12 | 58% |
SI-7 | 6 / 12 | 50% |
SI-8 | 6 / 12 | 50% |
CM-7 | 5 / 12 | 42% |
IA-9 | 3 / 12 | 25% |
SC-20 | 3 / 12 | 25% |
AC-6 | 2 / 12 | 17% |
Co-occurring actors
- Nomadic Octopus 1 shared CVEs
Similar actors
Similar TTPs
- Mofang 0.62
- Operation Dust Storm 0.44
- The White Company 0.41
- Transparent Tribe 0.40
- Andariel 0.36
Overlapping CVEs
- Nomadic Octopus 1.00
Active in same years
- Operation Dream Job 1.00
- SolarWinds Compromise 1.00
- C0027 1.00
- SharePoint ToolShell Exploitation 1.00
- Ke3chang 1.00
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00