APT5
Essential information
- Confidence
- 100/100
- Published
- 16/12/2025 19:39
- Modified
- 27/03/2026 01:13
- Updated at
- 27/03/2026 01:13
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Resource level
- —
- Primary motivation
- —
- Related entities
- 30 attack patterns (mitre), 8 malware, 3 indicators, 5 tool, 1 campaign
Aliases
Mulberry Typhoon MANGANESE BRONZE FLEETWOOD Keyhole Panda UNC2630
Description
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. [APT5](https://attack.mitre.org/groups/G1023) has displayed advanced tradecraft and significant interest in compromising networking devices and their underlying software including through the use of zero-day exploits.(Citation: NSA APT5 Citrix Threat Hunting December 2022)(Citation: Microsoft East Asia Threats September 2023)(Citation: Mandiant Pulse Secure Zero-Day April 2021)(Citation: Mandiant Pulse Secure Update May 2021)(Citation: FireEye Southeast Asia Threat Landscape March 2015)(Citation: Mandiant Advanced Persistent Threats)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
- Mandiant Pulse Secure Update May 2021
- Microsoft East Asia Threats September 2023
- Microsoft Threat Actor Naming July 2023
- mitre-attack (G1023)
- FireEye Southeast Asia Threat Landscape March 2015
- Mandiant Advanced Persistent Threats
- NSA APT5 Citrix Threat Hunting December 2022
- Mandiant Pulse Secure Zero-Day April 2021
- Secureworks BRONZE FLEETWOOD Profile