APT / THREAT GROUP | 💰 FINANCIAL | HIGH

TEMPER PANDA

🇨🇳 China-attributed
Campaigns: 1
Aliases: 6
Last seen: Mar 17, 2026

Intelligence Profile

China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public backdoors. This threat actor targets prodemocratic activists and organizations in Hong Kong, European and international financial institutions, and a U.S.-based think tank.

Threat Analysis

TEMPER PANDA is a high-sophistication threat actor attributed to China, engaged in cyber operations with a primarily financial motivation.

Financially motivated threat actors like TEMPER PANDA prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, TEMPER PANDA is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Known Campaigns

TEMPER PANDA — Active Operations March 2026

TEMPER PANDA is a financial threat actor attributed to China. China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public b...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Origin: 🇨🇳 China
Aliases: 6
Source: Malpedia

Also Known As

admin@338, Team338, Admin338, MAGNESIUM, G0018, TEMPER PANDA

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.