APT / THREAT GROUP | 🕵️ ESPIONAGE | ADVANCED

TIDRONE

🇨🇳 China-attributed
Campaigns: 1
Aliases: 3
Last seen: Mar 17, 2026

Intelligence Profile

TIDRONE is an unidentified threat actor linked to Chinese-speaking groups, with a focus on military-related industry chains, particularly drone manufacturers in Taiwan. The actor employs advanced malware variants such as CXCLNT and CLNTEND, which are distributed through ERP software or remote desktops. The consistency in file compilation times and operational patterns aligns with other Chinese espionage activities, indicating a likely espionage motive.

Threat Analysis

TIDRONE is an advanced-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Classified as an advanced threat actor, TIDRONE likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.

Known Campaigns

TIDRONE — Active Operations March 2026

TIDRONE is an espionage threat actor attributed to China. TIDRONE is an unidentified threat actor linked to Chinese-speaking groups, with a focus on military-related industry chains, particularly drone manufacturers in Taiwan. The actor employs advanced malware variants such as CXCLNT and CLNTEND, which are distributed through ERP softw...

ACTIVE | HIGH | 2026

Quick Facts

Type: APT / Threat Group
Motivation: 🕵️ espionage
Sophistication: advanced
Origin: 🇨🇳 China
Aliases: 3
Source: Malpedia

Also Known As

TIDRONE, Earth Ammit, VENOM

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.