Threat actor · all actors
Tropic TrooperG0081 state
🇨🇳 CN
aka Tropic Trooper, Pirate Panda, KeyBoy, APT23, BRONZE HOBART, G0081, Red Orthrus, Earth Centaur
Last updated: 2026-07-03
1attributed CVEs
56ATT&CK techniques
1.2IDF score (tooling uniqueness)
0exclusive CVEs
2026years active
About this actor
[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. [Tropic Trooper](https://attack.mitre.org/groups/G0081) focuses on targeting government, healthcare, transportation, and high-tech industries and has been active since 2011.(Citation: TrendMicro Tropic Trooper Mar 2018)(Citation: Unit 42 Tropic Trooper Nov 2016)(Citation: TrendMicro Tropic Trooper May 2020)
Source: MITRE ATT&CK
Activity timeline
- 2026 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |
T1016T1020T1027T1027.003T1027.013T1033T1036T1036.005T1046T1049T1052T1052.001T1055T1055.001T1057T1059T1059.003T1070T1070.004T1071T1071.001T1071.004T1078T1078.003T1082T1083T1091T1105T1106T1119T1132T1132.001T1135T1140T1203T1204T1204.002T1221T1505T1505.003T1518T1518.001T1543T1543.003T1547T1547.001T1547.004T1564T1564.001T1566T1566.001T1573T1573.002T1574T1574.001T1680
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 37 / 56 | 66% |
CM-6 | 34 / 56 | 61% |
CM-2 | 31 / 56 | 55% |
SI-3 | 31 / 56 | 55% |
CA-7 | 25 / 56 | 45% |
CM-7 | 23 / 56 | 41% |
AC-6 | 20 / 56 | 36% |
AC-3 | 19 / 56 | 34% |
SC-7 | 18 / 56 | 32% |
AC-2 | 16 / 56 | 29% |
SI-7 | 16 / 56 | 29% |
AC-4 | 15 / 56 | 27% |
RA-5 | 13 / 56 | 23% |
SI-2 | 12 / 56 | 21% |
AC-5 | 11 / 56 | 20% |
Co-occurring actors
- Mustang Panda 1 shared CVEs
- SolarWinds Compromise 1 shared CVEs
- APT38 1 shared CVEs
- Tonto Team 1 shared CVEs
- Ember Bear 1 shared CVEs
- GOLD SOUTHFIELD 1 shared CVEs
- Aquatic Panda 1 shared CVEs
- APT28 1 shared CVEs
- Sandworm Team 1 shared CVEs
- Ajax Security Team 1 shared CVEs
Similar actors
Similar TTPs
- Sidewinder 0.36
- Darkhotel 0.34
- APT19 0.33
- Higaisa 0.33
- Frankenstein 0.32
Active in same years
- Operation Dream Job 1.00
- SolarWinds Compromise 1.00
- C0027 1.00
- SharePoint ToolShell Exploitation 1.00
- Ke3chang 1.00
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00