Threat Actor Profile
High APT
Description

TA459 is a threat group believed to operate out of China that has targeted countries including Russia, Belarus, Mongolia, and others. (Citation: Proofpoint TA459 April 2017)

Confidence Score
90%
Known Aliases
TA459
Tags
mitre-attack stix-2.1 intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (5)
T1059.001 - PowerShell
Execution
T1059.005 - Visual Basic
Execution
T1203 - Exploitation for Client Execution
Execution
T1204.002 - Malicious File
Execution
T1566.001 - Spearphishing Attachment
Initial Access
Indicators of Compromise

Loading IOCs…

IOC KQL for Sentinel
STIX Data 
{'aliases': ['TA459'],
 'created': '2018-04-18T17:59:24.739Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[TA459](https://attack.mitre.org/groups/G0062) is a threat '
                'group believed to operate out of China that has targeted '
                'countries including Russia, Belarus, Mongolia, and others. '
                '(Citation: Proofpoint TA459 April 2017)',
 'external_references': [{'external_id': 'G0062',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0062'},
                         {'description': '(Citation: Proofpoint TA459 April '
                                         '2017)',
                          'source_name': 'TA459'},
                         {'description': 'Axel F. (2017, April 27). APT '
                                         'Targets Financial Analysts with '
                                         'CVE-2017-0199. Retrieved February '
                                         '15, 2018.',
                          'source_name': 'Proofpoint TA459 April 2017',
                          'url': 'https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts'}],
 'id': 'intrusion-set--62a64fd3-aaf7-4d09-a375-d6f8bb118481',
 'modified': '2025-04-25T14:49:19.743Z',
 'name': 'TA459',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_contributors': ['Valerii Marchuk, Cybersecurity Help s.r.o.'],
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.1'}
Quick Actions
Related TTPs (5)
PowerShell
Execution
Visual Basic
Execution
Exploitation for Client Execu…
Execution
Malicious File
Execution
Spearphishing Attachment
Initial Access
Back to Threat Actors
Dashboard Home