The Sunken Dragon: Aquatic Panda

Threat Intelligence Tarot

Vol. II · 84

China (MSS-affiliated)

★★★★★

risk 3/5

✦ The Sunken Dragon ✦

Aquatic Panda

BRONZE UNIVERSITY · DoubleAgent

TelecommunicationsTechnologyGovernmentAcademic institutions

Active since ~2020 · Espionage, Intelligence collection

The Sunken Dragon lies in the depths of unpatched infrastructure, rising only when a new vulnerability breaks the surface. Its patience is geological: it waits for the flaw that will open the gate.

Tactics & Techniques

RCN

RDV

INI

EXC

PRS

PRV

EVA

CRD

DSC

LAT

COL

EXF

IMP

T1190

Exploit Public-Facing Application

Initial Access

T1078

Valid Accounts

Defense Evasion

T1105

Ingress Tool Transfer

Command and Control

T1003.001

LSASS Memory

Credential Access

T1082

System Information Discovery

Discovery

T1059.001

PowerShell

Execution

T1071.001

Web Protocols

Command and Control

Notable Operations

◆Log4Shell exploitation campaign (December 2021)
◆Targeting of global telecom providers
◆Academic research institution breaches
◆Credential harvesting at enterprise scale

Defenses

▸
Vulnerability management with SLA for critical CVEs under 48 hours
CIS Control 7 ↗
▸
LSASS protection via Credential Guard on Windows endpoints
CIS Control 10 ↗
▸
PowerShell constrained language mode and script block logging
CIS Control 8 ↗
▸
Web application firewall with virtual patching capability
NIST CSF: PR.PT ↗

Reversed: Their Weakness

Aggressive patch management is its nemesis. Organizations that applied Log4Shell patches within 48 hours denied it its primary access vector. Timely vulnerability response eliminates its favored entry points.

Share this adversary profile

Compare →

← → arrow keys to browse

swipe to browse

← PreviousThe Damselfly Next →The Circuit Phantom

Related Adversaries

Data sourced from MITRE ATT&CK. For educational purposes.