ZIRCONIUM
Aliases: APT31, Violet Typhoon
ZIRCONIUM is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders in the international affairs community.
ATT&CK techniques
T1082 - System Information Discovery
T1598 - Phishing for Information
T1012 - Query Registry
T1059.003 - Windows Command Shell
T1583.006 - Web Services
T1584.008 - Network Devices
T1555.003 - Credentials from Web Browsers
T1059.006 - Python
T1547.001 - Registry Run Keys / Startup Folder
T1573.001 - Symmetric Cryptography
T1124 - System Time Discovery
T1140 - Deobfuscate/Decode Files or Information
T1598.003 - Spearphishing Link
T1566.002 - Spearphishing Link
T1583.001 - Domains
T1033 - System Owner/User Discovery
T1090.003 - Multi-hop Proxy
T1041 - Exfiltration Over C2 Channel
T1036 - Masquerading
T1567.002 - Exfiltration to Cloud Storage
T1027.002 - Software Packing
T1204.001 - Malicious Link
T1036.004 - Masquerade Task or Service
T1068 - Exploitation for Privilege Escalation
T1218.007 - Msiexec
T1105 - Ingress Tool Transfer
T1016 - System Network Configuration Discovery
T1102.002 - Bidirectional Communication