Threat Actor Profile
High APT
Description

APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.[1]

Confidence Score
100%
Tags
mitre-attack crawled web-source mitre-group
First Seen

Unknown

Last Updated

April 29, 2026

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (20)
T1005 - Data from Local System
Collection
T1114 - Email Collection
Collection
T1119 - Automated Collection
Collection
T1560 - Archive Collected Data
Collection
T1003 - OS Credential Dumping
Credential Access
T1036 - Masquerading
Defense Evasion
T1550 - Use Alternate Authentication Material
Defense Evasion
T1007 - System Service Discovery
Discovery
T1016 - System Network Configuration Discovery
Discovery
T1049 - System Network Connections Discovery
Discovery
T1057 - Process Discovery
Discovery
T1087 - Account Discovery
Discovery
T1135 - Network Share Discovery
Discovery
T1059 - Command and Scripting Interpreter
Execution
T1566 - Phishing
Initial Access
T1021 - Remote Services
Lateral Movement
T1583 - Acquire Infrastructure
Resource Development
T1584 - Compromise Infrastructure
Resource Development
T1585 - Establish Accounts
Resource Development
T1588 - Obtain Capabilities
Resource Development
STIX Data
{'aliases': [],
 'description': 'APT1is a Chinese threat group that has been attributed to the '
                '2nd Bureau of the People’s Liberation Army (PLA) General '
                'Staff Department’s (GSD) 3rd Department, commonly known by '
                'its Military Unit Cover Designator (MUCD) as Unit 61398.[1]',
 'external_references': [{'external_id': 'G0006',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0006/'}],
 'id': 'threat-actor--G0006',
 'metadata': {'crawled_at': '2026-04-29T14:32:31.439616+00:00',
              'mitre_group_id': 'G0006',
              'page_title': 'APT1, Comment Crew, Comment Group, Comment Panda, '
                            'Group G0006 | MITRE ATT&CK®'},
 'name': 'APT1',
 'type': 'threat-actor'}