The Jade Censor: APT31

Threat Intelligence Tarot

Vol. II · 79

China (MSS - Ministry of State Security)

G0128

★★★★★

risk 4/5

✦ The Jade Censor ✦

APT31

ZIRCONIUM · Judgment Panda · Violet Typhoon

GovernmentPolitical organizationsNGOsThink tanksPresidential campaigns

Active since ~2010 · Espionage, Political surveillance

The Jade Censor watches from the halls of power, cataloguing dissent before it can speak. Its reach extends into the councils of foreign nations, a silent archivist of political thought deemed threatening to order.

Tactics & Techniques

RCN

RDV

INI

EXC

PRS

PRV

EVA

CRD

DSC

LAT

COL

EXF

IMP

T1566.001

Spearphishing Attachment

Initial Access

T1078

Valid Accounts

Defense Evasion

T1053.005

Scheduled Task

Persistence

T1027

Obfuscated Files or Information

Defense Evasion

T1071.001

Web Protocols

Command and Control

T1560

Archive Collected Data

Collection

T1041

Exfiltration Over C2 Channel

Exfiltration

Notable Operations

◆Targeting of 2020 US presidential campaigns
◆French government intrusions
◆Tibetan diaspora targeting
◆Biden and Trump campaign phishing (2020)

Defenses

▸
Phishing-resistant MFA for all privileged accounts
NIST CSF: PR.AC ↗
▸
Email gateway filtering with attachment sandboxing
CIS Control 9 ↗
▸
Scheduled task auditing and allowlisting
CIS Control 10 ↗
▸
Egress traffic monitoring for C2 beaconing patterns
NIST CSF: DE.CM ↗

Reversed: Their Weakness

Exposed by attribution, this censor's operations collapse when victim nations share intelligence. Coordinated diplomatic responses and multi-nation indictments strip away the veil of deniability.

Share this adversary profile

Compare →

← → arrow keys to browse

swipe to browse

← PreviousThe False Tax Next →The Lotus Watcher

Related Adversaries

Data sourced from MITRE ATT&CK. For educational purposes.