Anchor Panda: A Chinese Hacker Group



Anchor Panda, also known as APT14, is a China-based hacker group that mainly targets civil and military maritime operations in the green/brown water regions. It focuses on the area of operations of the South Sea Fleet of the PLA Navy. Western companies in countries like the US, Germany, Sweden, the UK, Australia, etc., have also become victims of its frequent attacks. Anchor Panda also targets embassies and diplomatic missions, foreign intelligence services, and foreign governments' space programs.


Some of the main characteristics of the Anchor Panda hacker group are as follows:
  • The name "Anchor Panda" corresponds to its origins. "Anchor" is a general maritime term and the word "Panda" is often used to denote China.

  • They use spear phishing to gain initial access, along with the Adobe Ghost, Poison Ivy, and Torn RAT malware families.

  • This group has been active since 2013 and is believed to be backed by the Chinese government. It uses much of the same malware seen in other Chinese government operations, indicating some form of collaboration.

  • It is able to leverage publicly available tools. An intrusion typically starts by tricking victims via phishing emails, after which malware such as the Ghost RAT trojan is deployed to maintain persistence on the compromised network.

  • It makes extensive use of compromised websites and web servers in its attacks. It draws on a large cache of tools in its campaigns, including exploits for known, CVE-listed software vulnerabilities.

  • Once inside, it obtains usernames and passwords with credential-harvesting tools. With those credentials it can reach almost anything on the network and move laterally within the environment, ultimately to steal confidential data.


To withstand such attacks, an organization needs a mature cybersecurity program. It should combine modern security solutions such as email and web content filtering, antivirus, and threat hunting. A Zero Trust model, multifactor authentication, defense in depth, etc., are a must to prevent and mitigate the potential damage done by Anchor Panda.


Anchor Panda poses a great threat to government organizations in many countries. However, it is not impossible to stop and/or mitigate its attacks. Making use of advanced anti-threat technologies can help in identifying and hunting its malware or spyware. Regular training of employees about the various threat actors, together with regular network checkups, can be of great help in defending against it.

To know more, read: Anchor Panda

