ZIRCONIUM

OriginChina

Techniques (MITRE ATT&CK)29

SourceMITRE ATT&CK

Also known as:APT31Violet Typhoon

Vexday analysis

ZIRCONIUM é um grupo de ameaça persistente avançada (APT) de origem chinesa, rastreado pelo MITRE ATT&CK sob o identificador G0128 e também conhecido como APT31 e Violet Typhoon. Ativo pelo menos desde 2017, o grupo tem como alvo indivíduos associados à eleição presidencial norte-americana de 2020 e lideranças proeminentes na comunidade de relações internacionais. Sua atividade está documentada com 29 técnicas no framework MITRE ATT&CK e 1 CVE atribuída ao seu arsenal de exploração.

Techniques (MITRE ATT&CK) 29

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Phishing for Information Spearphishing Link

Resource development

Domains Web Services Network Devices

Initial access

Spearphishing Link

Execution

Windows Command Shell Python Malicious Link

Persistence

Registry Run Keys / Startup Folder

Privilege escalation

Exploitation for Privilege Escalation

Credential access

Credentials from Web Browsers

Discovery

Query Registry System Network Configuration Discovery System Owner/User Discovery System Information Discovery System Time Discovery

Command and control

Multi-hop Proxy Bidirectional Communication Ingress Tool Transfer Symmetric Cryptography Hide Infrastructure

Exfiltration

Exfiltration Over C2 Channel Exfiltration to Cloud Storage

stealth

Software Packing Masquerading Masquerade Task or Service Deobfuscate/Decode Files or Information Msiexec

Exploited vulnerabilities 1

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2017-0005HIGHEPSS 11%KEV

ZIRCONIUM uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →