Cyber Resilience


HAFNIUM G0125 state

🇨🇳 CN

aka HAFNIUM, Operation Exchange Marauder, Silk Typhoon, ATK233, G0125, Red Dev 13, MURKY PANDA

Last updated: 2026-07-03

- Attributed CVEs: 3
- ATT&CK techniques: 66
- IDF score (tooling uniqueness): 12.9
- Exclusive CVEs: 3
- Years active: 2021

About this actor

[HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. [HAFNIUM](https://attack.mitre.org/groups/G0125) primarily targets entities in the US across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs. [HAFNIUM](https://attack.mitre.org/groups/G0125) has targeted remote management tools and cloud software for initial access and has demonstrated an ability to quickly operationalize exploits for identified vulnerabilities in edge devices. (Citation: Microsoft HAFNIUM March 2020) (Citation: Volexity Exchange Marauder March 2021) (Citation: Microsoft Silk Typhoon MAR 2025)

Source: MITRE ATT&CK

Profile

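| CVE | Risk | CVSS | EPSS | Published | Products |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-26412 | 7.0 | 9.1 | 0.3040 | 2021-03-03 | see CVE |
| CVE-2021-27078 | 7.0 | 9.1 | 0.3255 | 2021-03-03 | see CVE |
| CVE-2021-26854 | 6.0 | 6.6 | 0.1957 | 2021-03-03 | see CVE |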

Mitigating controls (NIST 800-53)

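| Control | Techniques covered | Coverage |
| --- | --- | --- |
| SI-4 | 40 / 66 | 61% |
| CM-6 | 36 / 66 | 55% |
| AC-3 | 32 / 66 | 48% |
| AC-6 | 30 / 66 | 45% |
| CM-2 | 29 / 66 | 44% |
| AC-2 | 28 / 66 | 42% |
| CA-7 | 26 / 66 | 39% |
| IA-2 | 24 / 66 | 36% |
| AC-5 | 23 / 66 | 35% |
| AC-4 | 22 / 66 | 33% |
| CM-7 | 21 / 66 | 32% |
| SI-3 | 21 / 66 | 32% |
| SI-7 | 21 / 66 | 32% |
| SC-7 | 20 / 66 | 30% |
| CM-5 | 19 / 66 | 29% |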

Co-occurring actors

None.
