Threat Intelligence Tarot
Major Arcana · 6
China (MSS-affiliated)
G0096 · ★★★★★
risk 5/5
✦ The Ten Thousand ✦
APT41
Winnti · Double Dragon · BARIUM · Wicked Panda
Healthcare · Technology · Gaming · Telecommunications · Governments
Active since ~2012 · Espionage, Financial gain, Supply chain compromise
It wears two faces and hides neither. By day it serves the Ministry, filing intelligence on pharmaceutical research and government networks. By night it steals game currency and sells exploits. It operates at the intersection of patriotism and profit.
Tactics & Techniques
Tactic lanes (ATT&CK order): Reconnaissance (RCN) · Resource Development (RDV) · Initial Access (INI) · Execution (EXC) · Persistence (PRS) · Privilege Escalation (PRV) · Defense Evasion (EVA) · Credential Access (CRD) · Discovery (DSC) · Lateral Movement (LAT) · Collection (COL) · Command and Control (C2) · Exfiltration (EXF) · Impact (IMP)
- T1190 Exploit Public-Facing Application (Initial Access)
- T1078 Valid Accounts (Persistence)
- T1059.003 Windows Command Shell (Execution)
- T1195.002 Compromise Software Supply Chain (Initial Access)
- T1486 Data Encrypted for Impact (Impact)
- T1134 Access Token Manipulation (Privilege Escalation)
- T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Notable Operations
- ◆ ASUS Live Update supply chain attack (2019)
- ◆ Video game currency theft campaigns
- ◆ COVID-19 vaccine research targeting (2020)
- ◆ US state government systems compromise (2021)
Defenses
- ▸ Software supply chain controls and build pipeline integrity (NIST SSDF)
- ▸ Patch management program prioritizing public-facing systems (CIS Control 7)
- ▸ Network segmentation isolating gaming/financial systems (CIS Control 12)
- ▸ Threat intelligence monitoring for dual-use group activity (NIST CSF: ID.RA)
Reversed: Their Weakness
The 2020 US DOJ indictment of five APT41 members revealed the group's real names, companies, and methods, a consequence of operating for personal profit while using state infrastructure.
Data sourced from MITRE ATT&CK. For educational purposes.