TIARAS - APT18

Threat Actor Profile

High APT

Description

APT18is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical.[1]

Confidence Score

100%

First Seen

Unknown

Last Updated

April 29, 2026
18 hours, 43 minutes ago

Active Status

Active

Created

April 29, 2026

MITRE ATT&CK Techniques (11)

T1071 - Application Layer Protocol

Command and Control

T1105 - Ingress Tool Transfer

Command and Control

T1027 - Obfuscated Files or Information

Defense Evasion

T1070 - Indicator Removal

Defense Evasion

T1078 - Valid Accounts

Defense Evasion

T1082 - System Information Discovery

Discovery

T1083 - File and Directory Discovery

Discovery

T1053 - Scheduled Task/Job

Execution

T1059 - Command and Scripting Interpreter

Execution

T1133 - External Remote Services

Persistence

T1547 - Boot or Logon Autostart Execution

Persistence

Indicators of Compromise

Loading IOCs…

STIX Data

{'aliases': [],
 'description': 'APT18is a threat group that has operated since at least 2009 '
                'and has targeted a range of industries, including technology, '
                'manufacturing, human rights groups, government, and '
                'medical.[1]',
 'external_references': [{'external_id': 'G0026',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0026/'}],
 'id': 'threat-actor--G0026',
 'metadata': {'crawled_at': '2026-04-29T14:32:37.161309+00:00',
              'mitre_group_id': 'G0026',
              'page_title': 'APT18, TG-0416, Dynamite Panda, Threat '
                            'Group-0416, Group G0026 | MITRE ATT&CK®'},
 'name': 'APT18',
 'type': 'threat-actor'}

Quick Actions

Related TTPs (11)

Application Layer Protocol
Command and Control

Ingress Tool Transfer
Command and Control

Obfuscated Files or Informati…
Defense Evasion

Indicator Removal
Defense Evasion

Valid Accounts
Defense Evasion

View All 11 TTPs

Back to Threat Actors

Dashboard Home

Threat Actor Profile

Description

Confidence Score

Tags

First Seen

Last Updated

Active Status

Created

MITRE ATT&CK Techniques (11)

T1071 - Application Layer Protocol

T1105 - Ingress Tool Transfer

T1027 - Obfuscated Files or Information

T1070 - Indicator Removal

T1078 - Valid Accounts

T1082 - System Information Discovery

T1083 - File and Directory Discovery

T1053 - Scheduled Task/Job

T1059 - Command and Scripting Interpreter

T1133 - External Remote Services

T1547 - Boot or Logon Autostart Execution

Indicators of Compromise

IOC KQL for Sentinel

STIX Data

Quick Actions

Related TTPs (11)

Please wait…