Menu
Browse

Cyber Threat Actor: Q

Actor Type Location Known Incidents
 Icon
Spy
China
5 incidents
Profile

The threat actor known by the alias Q has been publicly associated with operations originating from China. Observed activity spans multiple sectors including financial services, telecommunications, defense contracting, government administration, and critical infrastructure such as weather monitoring networks. Strategic objectives identified in the reported incidents include causing disruption through large‑scale distributed denial‑of‑service attacks, conducting espionage by exfiltrating sensitive military and environmental data, and delivering political messages via website defacement.

Technical details described in the sources indicate that Q employs a range of tactics without reference to specific malware families. The actor has launched multi‑wave DDoS campaigns leveraging servers located in Russia, China, and Vietnam to overwhelm target networks. In other operations, Q gained unauthorized access to contractor systems, compromised individual workstations within municipal offices, and infiltrated federal networks to disrupt services. Initial access vectors are not detailed beyond the successful compromise of contractor networks and the tracing of intrusion points to Chinese‑based infrastructure.

Attribution to China is repeatedly cited in the open‑source reporting, with incidents described as being carried out by Chinese hackers or traced to Chinese servers. Representative campaigns that illustrate the actor’s pattern include the September 2020 DDoS assault on Hungarian banking and telecom services, the December 2018 breach of U.S. Navy contractors that yielded ship maintenance and missile data, the July 2018 defacement of Taiwan’s Democratic Progressive Party website with Chinese‑language content, the April 2015 intrusion into the secretary’s computer at Taipei’s mayor’s office, and the November 2014 infiltration of the U.S. National Oceanic and Atmospheric Administration’s weather satellite network. These examples demonstrate Q’s focus on both disruptive and intelligence‑gathering actions across geographic and sectoral boundaries.

Incidents
Attributed incidents available to members
5 incidents
Sources
Sources available to members
0 sources