Cyber Resilience

Threat actor · all actors

APT41G0096 state-contractor

🇨🇳 CN · MSS

aka APT41, Wicked Panda, Brass Typhoon, BARIUM

Last updated: 2026-07-03

2attributed CVEs
115ATT&CK techniques
4.4IDF score (tooling uniqueness)
0exclusive CVEs
2017–2021years active

About this actor

[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed targeting various industries, including but not limited to healthcare, telecom, technology, finance, education, retail and video game industries in 14 countries.(Citation: apt41_mandiant) Notable behaviors include using a wide range of malware and tools to complete mission objectives. [APT41](https://attack.mitre.org/groups/G0096) overlaps at least partially with public reporting on groups including BARIUM and [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: FireEye APT41 Aug 2019)(Citation: Group IB APT 41 June 2021)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2017-6328 5.58.80.02142017-08-11see CVE
CVE-2020-6789 5.57.80.00352021-03-25see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-474 / 11564%
CM-670 / 11561%
CM-258 / 11550%
AC-355 / 11548%
CM-754 / 11547%
AC-652 / 11545%
SI-350 / 11543%
AC-248 / 11542%
CA-747 / 11541%
SI-740 / 11535%
AC-539 / 11534%
IA-237 / 11532%
CM-536 / 11531%
AC-433 / 11529%
SC-732 / 11528%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs

Active in same years

Same nation-state