Leviathan
Essential information
- Confidence
- 100/100
- Published
- 16/12/2025 19:39
- Modified
- 27/03/2026 01:13
- Updated at
- 27/03/2026 01:13
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Resource level
- —
- Primary motivation
- —
- Related entities
- 51 attack patterns (mitre), 19 malware, 9 sectors, 3 countries, 105 indicators, 5 vulnerabilities (cve), 7 tool, 1 campaign
Aliases
MUDCARP Kryptonite Panda Gadolinium BRONZE MOHAWK TEMP.Jumper TEMP.Periscope Gingham Typhoon APT40
Description
[Leviathan](https://attack.mitre.org/groups/G0065) is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry of State Security's (MSS) Hainan State Security Department and an affiliated front company.(Citation: CISA AA21-200A APT40 July 2021) Active since at least 2009, [Leviathan](https://attack.mitre.org/groups/G0065) has targeted the following sectors: academia, aerospace/aviation, biomedical, defense industrial base, government, healthcare, manufacturing, maritime, and transportation across the US, Canada, Australia, Europe, the Middle East, and Southeast Asia.(Citation: CISA AA21-200A APT40 July 2021)(Citation: Proofpoint Leviathan Oct 2017)(Citation: FireEye Periscope March 2018)(Citation: CISA Leviathan 2024)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
- CISA AA21-200A APT40 July 2021
- FireEye APT40 March 2019
- SecureWorks BRONZE MOHAWK n.d.
- Microsoft Threat Actor Naming July 2023
- CISA Leviathan 2024
- Crowdstrike KRYPTONITE PANDA August 2018
- mitre-attack (G0065)
- Accenture MUDCARP March 2019
- MSTIC GADOLINIUM September 2020
- FireEye Periscope March 2018
- Proofpoint Leviathan Oct 2017