Menu
Browse

Cyber Threat Actor: APT27

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Nation State
China
1 incident
Profile

Advanced Persistent Threat 27, also known as APT27, is a threat actor publicly linked to China. The actor operates under the alias Advanced Persistent Threat 27 and has been identified in open-source reporting as part of a broader set of Chinese APT groups. Attribution to China is based on public statements that connect the activity to Chinese state-linked actors. Open-source assessments list China as the known location of APT27’s activities. In a July 2022 incident, APT27 was among the groups cited for targeting Belgian federal entities responsible for interior affairs and defense. This targeting indicates a focus on government institutions in Western Europe.

The same incident was described as malicious cyber activities that significantly affected Belgian national sovereignty, democracy, and security, according to the Belgian Ministry of Foreign Affairs. No specific malware families, initial access vectors, or tooling techniques were disclosed in the public source for this operation. The Belgian response highlighted the violation of UN-endorsed norms for responsible state behavior in cyberspace and called on Chinese authorities to prevent such activity originating from their territory. The Belgian authorities also stressed the importance of continued collaboration with European and international partners to strengthen cyber resilience and counter threats through enhanced information sharing and diplomatic engagement. The event is frequently referenced as a representative example of APT27’s activity in open-source threat reporting.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources