Clankerusecase
Threat-actor profile

🇨🇳 APT30

🇨🇳 APT30 is a tracked threat actor in the Clankerusecase corpus. CN-aligned. Primary motivation: State. We map 11 detection use cases to this actor across 2 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

- Use cases: 11
- Articles: 0
- Techniques: 2
- IOCs: 0

About this actor (MITRE)

[APT30](https://attack.mitre.org/groups/G0013) is a threat group suspected to be associated with the Chinese government. While [Naikon](https://attack.mitre.org/groups/G0019) shares some characteristics with [APT30](https://attack.mitre.org/groups/G0013), the two groups do not appear to be exact matches. (Citation: FireEye APT30) (Citation: Baumgartner Golovkin Naikon 2015)

Known aliases

APT30

Top techniques

Detection use cases (11)

- Brand-Impersonation Domain Fetch Followed by User-Context Loader Within 10 Minutes (MITRE match)
- Developer package install spawning script-host with non-registry C2 within 5 minutes (MITRE match)
- Package Manager / Dev-Tool Auto-Execution Triggers Non-Registry Egress or Credential-Store Access (MITRE match)
- Package Manager Install Spawning Outbound Egress to Non-Registry Infrastructure Within 5 Minutes (MITRE match)
- Package manager lifecycle hook spawns network-fetching shell or runtime (MITRE match)
- Abnormal Security: malicious email opened (MITRE match)
- Email attachment opened from external sender (MITRE match)
- Email Attachments With Lots Of Spaces (MITRE match)
- GSuite Email Suspicious Attachment (MITRE match)
- Gsuite Email Suspicious Subject With Attachment (MITRE match)
- Suspicious Email Attachment Extensions (MITRE match)