ZIRCONIUM (G0128) · state
🇨🇳 CN
aka ZIRCONIUM, APT31, Violet Typhoon
Last updated: 2026-07-03
Attributed CVEs: 2
ATT&CK techniques: 42
IDF score (tooling uniqueness): 7.9
Exclusive CVEs: 1
Years active: 2013
About this actor
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders in the international affairs community.(Citation: Microsoft Targeting Elections September 2020)(Citation: Check Point APT31 February 2021)
Source: MITRE ATT&CK
Activity timeline
- 2013 — 2 CVEs published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2013-3128 | 8.0 | 0.0 | 0.5784 | 2013-10-09 | see CVE |
| CVE-2013-3894 | 8.0 | 8.1 | 0.9312 | 2013-10-09 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 23 / 42 | 55% |
| SI-3 | 22 / 42 | 52% |
| CM-6 | 21 / 42 | 50% |
| CA-7 | 20 / 42 | 48% |
| CM-2 | 20 / 42 | 48% |
| AC-4 | 18 / 42 | 43% |
| SC-7 | 18 / 42 | 43% |
| CM-7 | 15 / 42 | 36% |
| AC-3 | 12 / 42 | 29% |
| AC-6 | 10 / 42 | 24% |
| AC-2 | 9 / 42 | 21% |
| SI-2 | 9 / 42 | 21% |
| SI-7 | 9 / 42 | 21% |
| SI-10 | 8 / 42 | 19% |
| IA-9 | 6 / 42 | 14% |
Co-occurring actors
- Equation: 1 shared CVE
Similar actors
Similar TTPs
- LazyScripter 0.29
- MuddyWater 0.28
- TA2541 0.27
- Molerats 0.26
- RedDelta Modified PlugX Infection Chain Operations 0.26
Overlapping CVEs
- Equation 0.25
Active in same years
- Equation 1.00
- NEODYMIUM 1.00
- PROMETHIUM 1.00
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00