Threat Intelligence Tarot
Vol. II · 86
China (MSS-affiliated contractor)
G1006
risk 3/5
The Dusty Archivist
Earth Lusca
TAG-22 · Charcoal Typhoon subset
Government · Education · Media · Healthcare · Cryptocurrency · Pro-democracy groups
Active since ~2019 · Espionage, Financial gain, Influence operations
The Dusty Archivist collects without discrimination: pandemic research, political dissent, financial records, diplomatic cables. Its contractor nature means the collection serves many masters simultaneously.
Tactics & Techniques
RCN · RDV · INI · EXC · PRS · PRV · EVA · CRD · DSC · LAT · COL · C2 · EXF · IMP
  • T1190 · Exploit Public-Facing Application · Initial Access
  • T1059.001 · PowerShell · Execution
  • T1027 · Obfuscated Files or Information · Defense Evasion
  • T1071.001 · Web Protocols · Command and Control
  • T1105 · Ingress Tool Transfer · Command and Control
  • T1083 · File and Directory Discovery · Discovery
  • T1041 · Exfiltration Over C2 Channel · Exfiltration
Notable Operations
  • Targeting of COVID-19 research institutions
  • Hong Kong protest movement surveillance
  • Cryptocurrency exchange breaches
  • Government entity intrusions across 14 countries
Defenses
Reversed: Their Weakness
Its dual espionage-and-financial mandate creates operational inconsistencies that aid attribution. Organizations that patch public-facing applications promptly remove its preferred entry point entirely.


Data sourced from MITRE ATT&CK. For educational purposes.