Threat actor: APT41 (G0096) · state-contractor
🇨🇳 CN · MSS
aka APT41, Wicked Panda, Brass Typhoon, BARIUM
Last updated: 2026-07-03
About this actor
[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as a Chinese state-sponsored espionage group that also conducts financially motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed targeting various industries, including but not limited to healthcare, telecom, technology, finance, education, retail and video games, in 14 countries.(Citation: apt41_mandiant) Notable behaviors include using a wide range of malware and tools to complete mission objectives. [APT41](https://attack.mitre.org/groups/G0096) overlaps at least partially with public reporting on groups including BARIUM and [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: FireEye APT41 Aug 2019)(Citation: Group IB APT 41 June 2021)
Source: MITRE ATT&CK
Activity timeline
- 2021 — 1 CVE published
- 2017 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2017-6328 | 5.5 | 8.8 | 0.0214 | 2017-08-11 | see CVE |
| CVE-2020-6789 | 5.5 | 7.8 | 0.0035 | 2021-03-25 | see CVE |
ATT&CK techniques (115 IDs, sub-techniques listed after their parent): T1003, T1003.001, T1003.002, T1003.003, T1005, T1008, T1012, T1014, T1016, T1018, T1021, T1021.001, T1021.002, T1027, T1027.002, T1030, T1033, T1036, T1036.004, T1036.005, T1037, T1046, T1047, T1049, T1053, T1053.005, T1055, T1056, T1056.001, T1059, T1059.001, T1059.003, T1059.004, T1069, T1070, T1070.003, T1070.004, T1071, T1071.001, T1071.002, T1071.004, T1078, T1082, T1083, T1087, T1087.001, T1087.002, T1090, T1098, T1098.007, T1102, T1102.001, T1104, T1105, T1110, T1112, T1133, T1135, T1136, T1136.001, T1190, T1195, T1195.002, T1197, T1203, T1213, T1213.003, T1218, T1218.001, T1218.011, T1480, T1480.001, T1484, T1484.001, T1486, T1496, T1496.001, T1542, T1542.003, T1543, T1543.003, T1546, T1546.008, T1547, T1547.001, T1550, T1550.002, T1553, T1553.002, T1555, T1555.003, T1560, T1560.001, T1566, T1566.001, T1568, T1568.002, T1569, T1569.002, T1570, T1574, T1574.001, T1574.006, T1588, T1588.002, T1595, T1595.002, T1595.003, T1596, T1596.005, T1599, T1684, T1684.001, T1685, T1685.005
Mitigating controls (NIST 800-53)
| Control | Techniques covered (of 115) | Coverage |
|---|---|---|
| SI-4 | 74 / 115 | 64% |
| CM-6 | 70 / 115 | 61% |
| CM-2 | 58 / 115 | 50% |
| AC-3 | 55 / 115 | 48% |
| CM-7 | 54 / 115 | 47% |
| AC-6 | 52 / 115 | 45% |
| SI-3 | 50 / 115 | 43% |
| AC-2 | 48 / 115 | 42% |
| CA-7 | 47 / 115 | 41% |
| SI-7 | 40 / 115 | 35% |
| AC-5 | 39 / 115 | 34% |
| IA-2 | 37 / 115 | 32% |
| CM-5 | 36 / 115 | 31% |
| AC-4 | 33 / 115 | 29% |
| SC-7 | 32 / 115 | 28% |
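The per-control percentages above are computed one control at a time, so they do not tell you which *combination* of controls covers the most of the actor's 115 techniques, nor which techniques no listed control touches. The script below is an added example (not part of this page or of the MITRE/CTID mappings it draws on): it parses a technique list in the fused form the page exports (`T1003T1003.001...`), then computes per-control coverage the way the table does and a greedy set cover on top of it. The control-to-technique mapping and the technique excerpt are constructed sample data; the roll-up rule that a control mapped to a parent technique also covers its sub-techniques is an assumption of this example, not a property of the page's data.

```python
import re

# Constructed sample: an excerpt of the page's technique list in the fused,
# separator-free form the page exports. T1486 is included deliberately so
# that the sample mapping below leaves one technique uncovered.
FUSED_IDS = ("T1003T1003.001T1003.002T1005T1021T1021.001"
             "T1059T1059.001T1190T1486T1566T1566.001")

# Constructed, illustrative control -> technique mapping. It is NOT the real
# NIST 800-53 / ATT&CK mapping the page's table is built from.
CONTROL_MAP = {
    "SI-4": {"T1003", "T1005", "T1021", "T1059"},
    "CM-6": {"T1003", "T1059", "T1190"},
    "AC-3": {"T1003", "T1005", "T1021"},
    "SC-7": {"T1190", "T1566"},
    "AC-6": {"T1003.001", "T1021.001"},
}

# An ATT&CK technique ID is T + 4 digits, optionally followed by a
# 3-digit sub-technique suffix. The optional group is greedy, so
# "T1003.001" is consumed whole rather than as "T1003" plus a stray ".001".
ID_RE = re.compile(r"T\d{4}(?:\.\d{3})?")


def parse_technique_ids(fused: str) -> list[str]:
    """Split a run of concatenated ATT&CK IDs into a list of IDs."""
    ids = ID_RE.findall(fused)
    # Reassembling the matches must reproduce the input exactly; otherwise
    # the string carried characters that are not part of any ID.
    if "".join(ids) != fused:
        raise ValueError("input contains characters outside ATT&CK IDs")
    return ids


def parents(ids) -> list[str]:
    """Collapse sub-techniques to their parent technique (T1003.001 -> T1003)."""
    return sorted({i.split(".")[0] for i in ids})


def covers(control_techniques: set[str], tech_id: str) -> bool:
    """Assumed roll-up rule: a control covers an ID if the mapping lists the ID
    itself or its parent technique."""
    return tech_id in control_techniques or tech_id.split(".")[0] in control_techniques


def coverage(techniques, control_map):
    """Per-control rows like the page's table: (control, covered, total, percent),
    sorted by covered count descending."""
    techs = list(techniques)
    rows = []
    for control, mapped in control_map.items():
        n = sum(covers(mapped, t) for t in techs)
        rows.append((control, n, len(techs), round(100 * n / len(techs))))
    return sorted(rows, key=lambda r: -r[1])


def greedy_cover(techniques, control_map):
    """Greedy set cover: repeatedly pick the control that adds the most
    not-yet-covered techniques. Returns (ordered controls, uncovered IDs)."""
    remaining = set(techniques)
    chosen = []
    while remaining:
        gains = {c: {t for t in remaining if covers(m, t)}
                 for c, m in control_map.items()}
        best = max(gains, key=lambda c: len(gains[c]))
        if not gains[best]:
            break  # nothing left in the mapping touches the remaining IDs
        chosen.append(best)
        remaining -= gains[best]
    return chosen, sorted(remaining)


if __name__ == "__main__":
    ids = parse_technique_ids(FUSED_IDS)
    print(f"{len(ids)} technique IDs, {len(parents(ids))} parent techniques")
    for control, n, total, pct in coverage(ids, CONTROL_MAP):
        print(f"{control:5} {n:3} / {total}  {pct}%")
    chosen, uncovered = greedy_cover(ids, CONTROL_MAP)
    print("greedy cover:", chosen, "uncovered:", uncovered)
```

Run it against the page's full technique line by pasting that line (separators removed) into `FUSED_IDS` and substituting a real control mapping; the uncovered list is the part of the actor's TTPs that the listed controls leave unaddressed, which is the gap a detection or hardening plan needs to name explicitly.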
Co-occurring actors
- Deep Panda · 2 shared CVEs
- Leviathan · 2 shared CVEs
- APT1 · 2 shared CVEs
- menuPass · 2 shared CVEs
- Winnti Group · 2 shared CVEs
- APT3 · 2 shared CVEs
- APT19 · 2 shared CVEs
Similar actors
Similar TTPs (similarity score)
- APT3 · 0.39
- Wizard Spider · 0.38
- APT39 · 0.36
- APT32 · 0.35
- FIN13 · 0.35
Overlapping CVEs (score)
- APT1 · 1.00
- Deep Panda · 1.00
- APT3 · 1.00
- Winnti Group · 1.00
- menuPass · 1.00
Active in same years (score)
- APT1 · 2.00
- Deep Panda · 2.00
- APT3 · 2.00
- Lazarus Group · 2.00
- Winnti Group · 2.00
Same nation-state (score)
- Night Dragon · 1.00
- FunnyDream · 1.00
- Operation Wocao · 1.00
- C0017 · 1.00
- Cutting Edge · 1.00
Same category (score)
- C0017 · 1.00
- APT41 DUST · 1.00
- RedDelta Modified PlugX Infection Chain Operations · 1.00
- APT3 · 1.00
- Mustang Panda · 1.00