APT / THREAT GROUP🕵️ ESPIONAGE

APT27

🇨🇳China-attributed
1
campaigns
17
aliases
Last seen:Mar 17, 2026

Intelligence Profile

A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.

Threat Analysis

APT27 is a known-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Known Campaigns

APT27 — Active Operations March 2026

APT27 is a unknown-motivation threat actor attributed to China. A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors....

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation🕵️ espionage
Origin🇨🇳 China
Aliases17
SourceMalpedia

Also Known As

Iron TigerAPT27TEMP.HippoGroup 35BudwormEarth SmilodonBRONZE UNIONLinen TyphoonLucky MouseGreedyTaotieCircle TyphoonZipTokenRed PhoenixEMISSARY PANDAG0027TG-3390Iron Taurus

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.