Cyber Resilience

Threat actor · all actors

APT5G1023 state

🇨🇳 CN

aka APT5, Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630

Last updated: 2026-07-03

0attributed CVEs
42ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. [APT5](https://attack.mitre.org/groups/G1023) has displayed advanced tradecraft and significant interest in compromising networking devices and their underlying software including through the use of zero-day exploits.(Citation: NSA APT5 Citrix Threat Hunting December 2022)(Citation: Microsoft East Asia Threats September 2023)(Citation: Mandiant Pulse Secure Zero-Day April 2021)(Citation: Mandiant Pulse Secure Update May 2021)(Citation: FireEye Southeast Asia Threat Landscape March 2015)(Citation: Mandiant Advanced Persistent Threats)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-429 / 4269%
AC-228 / 4267%
AC-328 / 4267%
AC-628 / 4267%
CM-627 / 4264%
AC-524 / 4257%
CM-522 / 4252%
CM-221 / 4250%
IA-221 / 4250%
CM-716 / 4238%
SI-316 / 4238%
SI-714 / 4233%
RA-513 / 4231%
CA-712 / 4229%
IA-511 / 4226%

Co-occurring actors

None.

Similar actors

Similar TTPs

Same nation-state