APT19 G0073 unknown
aka APT19, Codoso, C0d0so0, Codoso Team, Sunshop Group
Last updated: 2026-07-03
About this actor
[APT19](https://attack.mitre.org/groups/G0073) is a Chinese-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to target seven law and investment firms. (Citation: FireEye APT19) Some analysts track [APT19](https://attack.mitre.org/groups/G0073) and [Deep Panda](https://attack.mitre.org/groups/G0009) as the same group, but it is unclear from open source information if the groups are the same. (Citation: ICIT China's Espionage Jul 2016) (Citation: FireEye APT Groups) (Citation: Unit 42 C0d0so0 Jan 2016)
Source: MITRE ATT&CK
Activity timeline
- 2021 — 1 CVE published
- 2017 — 2 CVEs published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2017-1099 | 6.0 | 4.3 | 0.3551 | 2017-06-13 | see CVE |
| CVE-2017-6328 | 5.5 | 8.8 | 0.0214 | 2017-08-11 | see CVE |
| CVE-2020-6789 | 5.5 | 7.8 | 0.0035 | 2021-03-25 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 19 / 32 | 59% |
| SI-3 | 18 / 32 | 56% |
| CM-2 | 17 / 32 | 53% |
| CM-6 | 17 / 32 | 53% |
| CA-7 | 15 / 32 | 47% |
| SI-7 | 14 / 32 | 44% |
| CM-7 | 12 / 32 | 38% |
| AC-4 | 11 / 32 | 34% |
| SI-10 | 11 / 32 | 34% |
| SC-7 | 10 / 32 | 31% |
| SI-2 | 9 / 32 | 28% |
| AC-6 | 8 / 32 | 25% |
| AC-3 | 7 / 32 | 22% |
| RA-5 | 7 / 32 | 22% |
| AC-2 | 6 / 32 | 19% |
Co-occurring actors
- APT41: 2 shared CVEs
- Deep Panda: 2 shared CVEs
- Leviathan: 2 shared CVEs
- APT1: 2 shared CVEs
- menuPass: 2 shared CVEs
- Winnti Group: 2 shared CVEs
- APT3: 2 shared CVEs
Similar actors
Similar TTPs
- RedDelta Modified PlugX Infection Chain Operations: 0.36
- Inception: 0.35
- Sidewinder: 0.35
- Gorgon Group: 0.34
- TA551: 0.34
Overlapping CVEs
- APT1: 0.67
- Deep Panda: 0.67
- APT3: 0.67
- Winnti Group: 0.67
- menuPass: 0.67
Active in same years
- APT1: 2.00
- Deep Panda: 2.00
- APT3: 2.00
- Lazarus Group: 2.00
- Winnti Group: 2.00