Menu
Browse

Cyber Threat Actor: Deep Panda

Actor Type Location Known Incidents
 Icon
Spy
China
0 incidents
Profile

Deep Panda, also referenced in public reporting as APT 3, is a threat actor based in China and known to operate under the alias Deep Panda. The individuals identified in a 2017 U.S. indictment—Wu Yingzhuo, Dong Hao, and Xia Lei—are Chinese nationals residing in China and were employed by the Guangzhou Bo Yu Information Technology Company Limited, which does business as Boyusec. This indictment describes the group as engaging in computer hacking, theft of trade secrets, conspiracy, and identity theft for commercial advantage. The actor’s location is explicitly noted as China, and the publicly available sources tie the alias to a China‑based cyber‑espionage group.

The actor’s targeting has been observed in the financial, engineering, and technology sectors, as detailed in the indictment concerning three corporate victims between 2011 and May 2017. In addition to private industry, Deep Panda has been linked to attacks on Hong Kong government agencies, which were described as politically motivated spear‑phishing campaigns. The strategic objectives evident from the sources include the theft of sensitive internal documents and communications for commercial gain and the pursuit of political aims through espionage. Reported tactics, techniques, and procedures involve spear‑phishing emails containing malicious links or attachments that deliver malware to gain unauthorized access to victim networks, followed by the maintenance of persistent presence to exfiltrate data. No specific malware families or tool names are disclosed in the provided material.

Notable operations attributed to Deep Panda include the sustained intrusion into the three corporations that led to the 2017 indictment, resulting in charges for theft of trade secrets and related offenses. Another representative campaign is the series of spear‑phishing attempts against Hong Kong government bodies in early August 2016, which FireEye attributed to the China‑based APT 3 group and tied to the legislative election period. These incidents illustrate the actor’s focus on both commercial theft and politically driven espionage, consistent with the information presented in the source articles. The profile concludes with the confirmation that Deep Panda’s activities have been publicly documented through legal indictments and cybersecurity reporting.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
2 sources