← All Threat Actors
Threat Actor Profile

Threat Group-3390

APT27 BRONZE UNION Earth Smilodon Emissary Panda G0027 Iron Tiger Linen Typhoon LuckyMouse TG-3390
⚠ Critical Threat
ToolShell SharePoint Exploitation, Pandora Rootkit Evolution, Southeast Asia Diplomatic Espionage
Origin China
Sponsor People's Republic of China (PRC)
Motivation Strategic espionage, intellectual property theft, and political intelligence collection; occasionally financial gain.

Target Sectors

Government Agencies Defense Contractors Critical Infrastructure Telecommunications High-Tech and IT Think Tanks Diplomatic Entities Embassies

Known TTPs

Exploitation of zero-day and n-day vulnerabilities (e.g., 'ToolShell' SharePoint exploits)
DLL side-loading
Deployment of custom malware (PlugX, SysUpdate, HyperBro, Pandora Rootkit)
Use of Cobalt Strike Beacons
Web shell deployment (e.g., spinstall0.aspx)
Spear-phishing and strategic web compromises
Reverse proxy tools for persistence
Browser traffic hijacking

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD