Wicked Panda
| Attributed to Nation | China |
|---|---|
| Directly Linked Intrusion Sets | Wicked Spider, APT41 |
| Affiliated Intrusion Sets | Winnti |
| Associated Threat Actor | Chengdu 404 |
| Associated MITRE ATT&CK Group | APT41 (G0096) |
WICKED PANDA is an intrusion set tracked by researchers at CrowdStrike, who identify it as 'one of the most prolific and effective China-based adversaries from the mid 2010s into the 2020s'. The group's objectives reportedly often align with those of the Chinese Communist Party.
The group overlaps with other intrusion sets attributed to China, such as APT41 and wider Winnti activity. CrowdStrike analysts have also observed the actors behind WICKED PANDA intrusions taking part in financially motivated activity, which CrowdStrike tracks under a separate moniker, 'WICKED SPIDER'.
WICKED PANDA has been observed targeting multiple sectors, including hospitality, technology, telecommunications and gaming. The group uses 'living-off-the-land' techniques, such as downloading firewalls with the Windows Background Intelligent Transfer Service (BITS). The group also deploys a variety of malware and custom tooling.
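The BITS-based download technique mentioned above is one a defender can audit directly on a Windows host. The following PowerShell is an added example for this page, not CrowdStrike's tooling; it assumes an elevated shell (so `-AllUsers` can enumerate other accounts' jobs), the built-in BitsTransfer module, and a constructed list of user-writable paths to treat as suspicious landing directories.

```powershell
# Added example: audit BITS jobs for the living-off-the-land download pattern.
# Requires an elevated prompt so Get-BitsTransfer -AllUsers sees every account.
Import-Module BitsTransfer

# Constructed list of locations an unprivileged user can write to; a web
# download landing here deserves a second look.
$suspiciousRoots = @(
    "$env:SystemDrive\Users\",
    "$env:SystemDrive\ProgramData\",
    "$env:SystemDrive\Windows\Temp\"
)

function Get-SuspiciousBitsJob {
    # Live view: jobs currently queued, transferring, suspended or errored.
    Get-BitsTransfer -AllUsers | ForEach-Object {
        $job = $_
        foreach ($file in $job.FileList) {
            $remote = $file.RemoteName
            $local  = $file.LocalName
            # Flag HTTP(S) sources that write into a user-controlled directory.
            $remoteIsWeb     = $remote -match '^https?://'
            $localIsUserPath = $suspiciousRoots | Where-Object { $local -like "$_*" }
            if ($remoteIsWeb -and $localIsUserPath) {
                [pscustomobject]@{
                    JobId       = $job.JobId
                    Owner       = $job.OwnerAccount
                    DisplayName = $job.DisplayName
                    State       = $job.JobState
                    Remote      = $remote
                    Local       = $local
                }
            }
        }
    }
}

function Get-BitsDownloadEvents {
    # Historical view: the BITS client operational log records each job start
    # (event 59) with the remote URL, so it survives after the job completes.
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Bits-Client/Operational'
        Id        = 59
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-SuspiciousBitsJob   | Format-Table -AutoSize
Get-BitsDownloadEvents  | Format-Table -AutoSize
```

Pair the live job listing with the event-log query: a completed or cancelled job no longer appears in `Get-BitsTransfer`, but its event 59 entry still names the URL that was fetched.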