CrowdStrike 2026 Global Threat Report: The definitive threat intelligence report for the AI era Download report

Treasure Panda

Discover the adversaries targeting your industry

Back to Adversary Universe
pandaalt

TREASURE PANDA has been active since at least 2017 and has demonstrated a longstanding focus on high-profile government and military entities in primarily Russia and Mongolia as well as other nations in Central Asia and Eastern Europe. The adversary leverages multiple malware families such as PlugX, PoisonIvy, TSSLClientRAT, MsmRAT, LogSupport, CotSam, StratRS, DNSep, Hawkball, and Mikroceen, and ...

  • Treasure Panda

  • China, East Asia, Asia

Community Identifiers

Operation Lagtime IT, Maudi Surveillance Group, TA428

Objective

Intelligence Gathering, Intellectual Property Theft

Motivation

State-Sponsored

Contact sales

Thank you for your request!

A member of our team will be in touch shortly

Contact our team about IOCs for this adversary

During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.
Contact us
Adversaries Map

Who's targeting your industry?

Today's adversaries are faster, smarter, and better resourced. Know who they are and how to stop them.

View adversaries
Threat Hunting report spread

CrowdStrike 2025 Threat Hunting Report


Adversaries weaponize and target AI at scale.
Learn more