Threat actor · all actors
APT5G1023 state
🇨🇳 CN
aka APT5, Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630
Last updated: 2026-07-03
About this actor
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. [APT5](https://attack.mitre.org/groups/G1023) has displayed advanced tradecraft and significant interest in compromising networking devices and their underlying software including through the use of zero-day exploits.(Citation: NSA APT5 Citrix Threat Hunting December 2022)(Citation: Microsoft East Asia Threats September 2023)(Citation: Mandiant Pulse Secure Zero-Day April 2021)(Citation: Mandiant Pulse Secure Update May 2021)(Citation: FireEye Southeast Asia Threat Landscape March 2015)(Citation: Mandiant Advanced Persistent Threats)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 29 / 42 | 69% |
AC-2 | 28 / 42 | 67% |
AC-3 | 28 / 42 | 67% |
AC-6 | 28 / 42 | 67% |
CM-6 | 27 / 42 | 64% |
AC-5 | 24 / 42 | 57% |
CM-5 | 22 / 42 | 52% |
CM-2 | 21 / 42 | 50% |
IA-2 | 21 / 42 | 50% |
CM-7 | 16 / 42 | 38% |
SI-3 | 16 / 42 | 38% |
SI-7 | 14 / 42 | 33% |
RA-5 | 13 / 42 | 31% |
CA-7 | 12 / 42 | 29% |
IA-5 | 11 / 42 | 26% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- C0032 0.37
- Agrius 0.36
- Cutting Edge 0.33
- menuPass 0.32
- FIN13 0.31
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00