#363
TA428
APTAlso Known AsBRONZE DUDLEYColourful Panda
TA428 is a cyber espionage group of Chinese origin that first emerged in 2013, though it was formally identified and named by Proofpoint researchers in 2019. The group's primary motivation is information theft and espionage, focusing on targets of strategic value to China. What sets TA428 apart is its consistent engagement in long-term, strategic intrusions against government agencies, critical infrastructure, and defense organizations predominantly across the Asia-Pacific region and Eastern Europe. The group demonstrates operational overlaps and collaborations with other China-linked threat groups and is also tracked under aliases such as Panda and ThunderCats.
CNInformation theft and espionage59 victimsFirst seen: 2013-01-01Last seen: 2026-07-10
Target Countries
United Arab EmiratesAfghanistanBelarusMyanmarMongoliaRussian FederationUkraineYemen
Target Sectors
ManufacturingInformation ServicesFinanceProfessional&Technical ServicesPublic AdministrationTelecommunicationsJustice & Safety ActivitiesSpace & DefenseNational Security&International AffairsComputer Design & ServicesComputer Systems Design ServicesNational SecurityHospitalsAir TransportationConstructionRestaurantsPharmaceutical and Medicine ManufacturingPlastics Product ManufacturingAircraft ManufacturingLegal ServicesManagement, Scientific, and Technical Consulting ServicesEducational Support ServicesPerforming Arts CompaniesPromoters of Performing Arts, Sports, and Similar EventsOther Amusement and Recreation IndustriesGrantmaking and Giving ServicesCivic and Social OrganizationsNational Security and International AffairsFreight Transportation ArrangementPeriodical PublishersMotion Picture and Video ProductionData Processing, Hosting, and Related ServicesComputer Systems Design and Related ServicesManagement Consulting ServicesPublic Relations AgenciesEmployment Placement Agencies and Executive Search ServicesTruck&Rail TransportationHuman Resources Consulting ServicesOffices of Lawyers
Associated Malware
win.albaniiutaswin.8t_dropper
Related CVEs
CVE-2026-22584CVE-2026-1731CVE-2026-1340CVE-2026-1281CVE-2025-66478CVE-2025-59287CVE-2025-55182CVE-2025-23304CVE-2025-21042CVE-2025-14847CVE-2025-0921CVE-2024-21893CVE-2024-21887CVE-2024-21412CVE-2024-12356CVE-2023-4966CVE-2023-46805CVE-2023-38831CVE-2023-36884CVE-2023-23397
ATT&CK IDs
T1572 - Protocol TunnelingT1140 - Deobfuscate/Decode Files or InformationT1056 - Input CaptureT1129 - Shared ModulesT1189 - Drive-by CompromiseT1484 - Domain Policy ModificationT1014 - RootkitT1069 - Permission Groups DiscoveryT1204 - User ExecutionT1155 - AppleScriptT1203 - Exploitation for Client ExecutionT1127.001 - MSBuildT1587.001 - MalwareT1105 - Ingress Tool TransferT1143 - Hidden WindowT1087 - Account DiscoveryT1036.003 - Rename System UtilitiesT1011 - Exfiltration Over Other Network MediumT1608.001 - Upload MalwareT1199 - Trusted Relationship