Threat Group-3390
Aliases: Earth Smilodon, TG-3390, Emissary Panda, BRONZE UNION, APT27, Iron Tiger, LuckyMouse
Threat Group-3390 is a Chinese threat group that has extensively used strategic Web compromises (watering-hole attacks on sites its intended victims are likely to visit) to target victims. The group has been active since at least 2010 and has targeted organizations in the aerospace, government, defense, technology, energy, manufacturing and gambling/betting sectors.
ATT&CK techniques
T1068 Exploitation for Privilege Escalation
T1030 Data Transfer Size Limits
T1190 Exploit Public-Facing Application
T1046 Network Service Discovery
T1053.002 At
T1055.012 Process Hollowing
T1074.001 Local Data Staging
T1203 Exploitation for Client Execution
T1567.002 Exfiltration to Cloud Storage
T1003.001 LSASS Memory
T1059.003 Windows Command Shell
T1574.002 DLL Side-Loading
T1555.005 Password Managers
T1566.001 Spearphishing Attachment
T1012 Query Registry
T1003.004 LSA Secrets
T1204.002 Malicious File
T1033 System Owner/User Discovery
T1608.001 Upload Malware
T1505.003 Web Shell
T1547.001 Registry Run Keys / Startup Folder
T1027.013 Encrypted/Encoded File
T1543.003 Windows Service
T1199 Trusted Relationship
T1016 System Network Configuration Discovery
T1105 Ingress Tool Transfer
T1056.001 Keylogging
T1059.001 PowerShell
T1562.002 Disable Windows Event Logging
T1078 Valid Accounts
T1608.004 Drive-by Target
T1588.002 Tool
T1018 Remote System Discovery
T1583.001 Domains
T1189 Drive-by Compromise
T1140 Deobfuscate/Decode Files or Information
T1003.002 Security Account Manager
T1133 External Remote Services
T1005 Data from Local System
T1087.001 Local Account
T1195.002 Compromise Software Supply Chain
T1548.002 Bypass User Account Control
T1119 Automated Collection
T1560.002 Archive via Library
T1027.002 Software Packing
T1588.003 Code Signing Certificates
T1047 Windows Management Instrumentation
T1071.001 Web Protocols
T1070.005 Network Share Connection Removal
T1021.006 Windows Remote Management
T1574.001 DLL Search Order Hijacking
T1070.004 File Deletion
T1608.002 Upload Tool
T1112 Modify Registry
T1210 Exploitation of Remote Services
T1074.002 Remote Data Staging
T1049 System Network Connections Discovery
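The technique list above is most useful when it is turned into something a defender can act on: an ATT&CK Navigator layer to visualize the group's footprint, and a gap list against the techniques an organization already detects. The following Python is an added example, not code from this page or from MITRE; it embeds the technique IDs listed above as its input. The Navigator "versions" strings are assumed values for recent Navigator/ATT&CK releases, and the coverage rule (a detection registered for a parent technique counts as covering its sub-techniques) is an assumption stated in the code rather than anything ATT&CK prescribes.

```python
import json
import re

# Technique IDs attributed to Threat Group-3390 on this page (input data, copied
# from the list above; the names are left out because the ID is what tooling keys on).
TG3390_TECHNIQUES = [
    "T1068", "T1030", "T1190", "T1046", "T1053.002", "T1055.012", "T1074.001",
    "T1203", "T1567.002", "T1003.001", "T1059.003", "T1574.002", "T1555.005",
    "T1566.001", "T1012", "T1003.004", "T1204.002", "T1033", "T1608.001",
    "T1505.003", "T1547.001", "T1027.013", "T1543.003", "T1199", "T1016",
    "T1105", "T1056.001", "T1059.001", "T1562.002", "T1078", "T1608.004",
    "T1588.002", "T1018", "T1583.001", "T1189", "T1140", "T1003.002", "T1133",
    "T1005", "T1087.001", "T1195.002", "T1548.002", "T1119", "T1560.002",
    "T1027.002", "T1588.003", "T1047", "T1071.001", "T1070.005", "T1021.006",
    "T1574.001", "T1070.004", "T1608.002", "T1112", "T1210", "T1074.002", "T1049",
]

# Enterprise ATT&CK IDs are T + four digits, optionally followed by a three-digit
# sub-technique suffix. Anything else is rejected so a typo cannot silently vanish
# from the layer.
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")


def parent_of(technique_id: str) -> str:
    """T1003.001 -> T1003; a top-level technique is its own parent."""
    return technique_id.split(".", 1)[0]


def build_layer(name: str, technique_ids, comment: str = "") -> dict:
    """Build an ATT&CK Navigator layer dict highlighting the given techniques.

    Every listed technique gets score=1. For each sub-technique the parent entry
    is also emitted with showSubtechniques=True so the Navigator expands it;
    if the parent is itself listed, the two entries are merged rather than
    duplicated, regardless of the order they appear in.
    """
    entries: dict[str, dict] = {}
    for tid in technique_ids:
        if not TECHNIQUE_ID.match(tid):
            raise ValueError(f"not an ATT&CK technique ID: {tid!r}")
        parent = parent_of(tid)
        if parent != tid:
            entries.setdefault(parent, {"techniqueID": parent})["showSubtechniques"] = True
        entry = entries.setdefault(tid, {"techniqueID": tid})
        entry["score"] = 1
        entry["comment"] = comment
    return {
        "name": name,
        # Assumed version strings; adjust to the Navigator build you load this into.
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": f"Techniques attributed to {name}",
        "techniques": sorted(entries.values(), key=lambda e: e["techniqueID"]),
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1},
    }


def uncovered(group_techniques, covered_ids) -> list:
    """Return the group's techniques with no detection coverage, sorted.

    Assumed rule: an ID in covered_ids covers itself, and a parent ID
    (e.g. T1003) covers all of its sub-techniques (T1003.001, ...).
    """
    covered = set(covered_ids)
    return sorted(
        tid for tid in set(group_techniques)
        if tid not in covered and parent_of(tid) not in covered
    )


if __name__ == "__main__":
    layer = build_layer("Threat Group-3390", TG3390_TECHNIQUES,
                        comment="attributed to TG-3390 / APT27")
    print(json.dumps(layer, indent=2))
    # Constructed example of an org's existing detection coverage.
    print("gaps:", uncovered(TG3390_TECHNIQUES, {"T1003", "T1059", "T1190", "T1505.003"}))
```

Save the printed JSON and open it with the Navigator's "Open Existing Layer" option; the `uncovered` output is the list to take into a detection-engineering backlog, starting with the techniques the group uses for initial access and credential theft.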