Cyber Resilience

Threat actor · all actors

APT19G0073 unknown

aka APT19, Codoso, C0d0so0, Codoso Team, Sunshop Group

Last updated: 2026-07-03

3attributed CVEs
32ATT&CK techniques
8.7IDF score (tooling uniqueness)
1exclusive CVEs
2017–2021years active

About this actor

[APT19](https://attack.mitre.org/groups/G0073) is a Chinese-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to target seven law and investment firms. (Citation: FireEye APT19) Some analysts track [APT19](https://attack.mitre.org/groups/G0073) and [Deep Panda](https://attack.mitre.org/groups/G0009) as the same group, but it is unclear from open source information if the groups are the same. (Citation: ICIT China's Espionage Jul 2016) (Citation: FireEye APT Groups) (Citation: Unit 42 C0d0so0 Jan 2016)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2017-1099 6.04.30.35512017-06-13see CVE
CVE-2017-6328 5.58.80.02142017-08-11see CVE
CVE-2020-6789 5.57.80.00352021-03-25see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-419 / 3259%
SI-318 / 3256%
CM-217 / 3253%
CM-617 / 3253%
CA-715 / 3247%
SI-714 / 3244%
CM-712 / 3238%
AC-411 / 3234%
SI-1011 / 3234%
SC-710 / 3231%
SI-29 / 3228%
AC-68 / 3225%
AC-37 / 3222%
RA-57 / 3222%
AC-26 / 3219%

Co-occurring actors

Similar actors

Overlapping CVEs

Active in same years