APT / THREAT GROUP
CardinalLizard
🇨🇳China-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026
Intelligence Profile
CardinalLizard, a cyber threat actor linked to China, has targeted entities in Asia since 2018. Their methods include spear-phishing, custom malware with anti-detection features, and potentially shared infrastructure with other actors.
Threat Analysis
CardinalLizard is a known-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of unknown activity patterns.
Known Campaigns
CardinalLizard — Active Operations March 2026
CardinalLizard is a unknown-motivation threat actor attributed to China. CardinalLizard, a cyber threat actor linked to China, has targeted entities in Asia since 2018. Their methods include spear-phishing, custom malware with anti-detection features, and potentially shared infrastructure with other actors....
ACTIVEMEDIUM2026
External References
Quick Facts
TypeAPT / Threat Group
Origin🇨🇳 China
Aliases1
SourceMalpedia
Also Known As
CardinalLizard
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.