Cyber Threat Actor: APT3
| Actor Type | Location | Known Incidents |
|---|---|---|
| Spy | China | 2 incidents |
Profile
APT3, also known as Gothic Panda, Buckeye, and Group G0065, is a China‑based threat actor that has been publicly linked to a series of cyber operations targeting private corporations and government entities. The group’s members have been identified as Chinese nationals working for a China‑based internet security firm, Guangzhou Bo Yu Information Technology Company Limited (Boyusec), and have been charged in the United States with computer hacking, theft of trade secrets, conspiracy and identity theft. These attributions establish a clear China nexus for the actor’s activities.
The actor’s targeting has been observed in the financial, engineering and technology sectors, as evidenced by the indictment describing intrusions into three corporate victims in those industries between 2011 and May 2017 with the aim of stealing sensitive internal documents and communications for commercial advantage. In addition, APT3 has been reported to conduct spear‑phishing campaigns against Hong Kong government agencies in the period leading up to legislative elections, which the reporting source characterized as politically motivated. A separate incident involving a prominent Washington, D.C. think tank that exposed nonprofit organization data aligns with the actor’s pattern of focusing on policy‑related institutions, although no direct attribution was made in that case.
Regarding tactics, the publicly reported operations highlight spear‑phishing as an initial access vector, with e‑mails containing malicious links and attachments used to deliver malware and gain unauthorized access to victim networks. The actor’s tooling style emphasizes maintaining persistent presence within compromised environments to exfiltrate trade secrets and confidential communications. No specific malware families or additional tooling details are provided in the source material, so the description is limited to the confirmed use of spear‑phishing and malware for data collection. These facts together form a verified profile of APT3’s known activities and methods.
