Executive Summary
APT31 is a cyber threat actor, believed to be backed by the Chinese government, that has been conducting large-scale cyber espionage operations against many countries and industries around the world. The group is also known by names such as Zirconium and Judgment Panda, and specifically targets sensitive government information, strategic industrial secrets and innovative technologies. APT31 specialises in advanced phishing attacks, supply chain attacks and the use of malware.
This report comprehensively covers APT31’s identity, targeted countries and sectors, associated campaigns, attack methods, and IoCs. The group organises attacks against strategic sectors in the United States, the European Union and the Asia-Pacific region, threatening economic and national security in these regions.
APT31’s activities have caused significant damage, especially in the defence industry, government agencies, technology companies and the energy sector. The malware and techniques used by the group make it difficult to detect attacks, enabling long-term access and data exfiltration operations. Moreover, APT31’s competence in supply chain attacks increases its success in cyber espionage operations.