Who is Emissary Panda and How Can You Protect Yourself?

August 31, 2021 (7 min read)


Emissary Panda is a Chinese advanced persistent threat group notorious for using strategic Web compromises to target victims.

The group has been around since 2010 and is still highly active to this day—attacking governments and multinational corporations worldwide.

Cyber attacks are increasing at an alarming rate! Does your company have effective cybersecurity tools and systems to mitigate breaches? TeamPassword allows you to protect your company's digital assets with a secure password management tool.


Try our 14-day free trial to protect yourself

Who is Emissary Panda?

Emissary Panda is a Chinese cyberespionage group that primarily targets aerospace, government, defense, technology, energy, and various manufacturing sectors.

Emissary Panda has been active since at least 2010, when it breached US defense contractors and stole terabytes of data.

The group is highly active in the Middle East and Asia and regularly attacks NATO allies, including the United States.

Emissary Panda got its name from the security firm CrowdStrike: "Emissary" is the group's codename, while "Panda" denotes a Chinese advanced persistent threat group.

Emissary Panda Aliases

Emissary Panda goes by several aliases, including:

  • TG-3390
  • APT27 (Advanced Persistent Threat 27 - US federal government classification)
  • Iron Tiger
  • LuckyMouse
  • TEMP.Hippo
  • Red Phoenix
  • Budworm
  • Group 35
  • ZipToken

Emissary Panda has collaborated with other Chinese cyberespionage groups, including Turbine Panda, Deep Panda, and APT26.


What does Emissary Panda do?

Emissary Panda attacks government institutions and multinational organizations to steal state secrets and intellectual property.

The group is famous for installing web shells through software vulnerabilities and then installing multiple "backdoors," making it difficult to eradicate the attackers from a system.

Emissary Panda's malware and trojans are highly advanced, making it nearly impossible to detect the group or its movements through a network. The attackers use various pieces of malware to provide remote access, install backdoors, and hide their tracks by deleting user activity logs.
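The web shells described above are ordinary script files dropped into a web server's document root, so one of the few things a defender can do cheaply is triage that directory for the code constructs web shells almost always contain (dynamic code evaluation, decoding of obfuscated payloads, process execution driven by request parameters). The scanner below is an added example written for this article, not TeamPassword's code or anything from the reports on Emissary Panda; the indicator weights, the threshold, and the sample files it creates in a temporary directory are all constructed for illustration, and the suspicious samples are deliberately not working shells.

```python
"""Triage a web root for web-shell indicators (added example, constructed data)."""
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed indicator list: each regex that matches a file adds its weight.
# Files scoring at or above THRESHOLD are reported for manual review.
INDICATORS: Dict[str, int] = {
    r"\beval\s*\(": 3,                                        # dynamic code evaluation
    r"\b(base64_decode|gzinflate|str_rot13)\s*\(": 2,         # payload de-obfuscation
    r"\b(system|passthru|shell_exec|popen|proc_open)\s*\(": 3,  # PHP process execution
    r"\$_(GET|POST|REQUEST|COOKIE)\s*\[": 1,                  # PHP request parameter access
    r"""Request\s*\[\s*["']""": 1,                            # ASP/ASPX request parameter access
    r"Process\.Start\s*\(": 3,                                # .NET process execution
    r"\bcmd\.exe\b|/bin/sh\b": 2,                             # hard-coded shell binaries
}
THRESHOLD = 4
WEB_EXTENSIONS = {".php", ".phtml", ".asp", ".aspx", ".jsp", ".jspx"}


@dataclass
class Finding:
    path: str        # path relative to the scanned root, forward slashes
    score: int
    hits: List[str]  # the indicator patterns that matched


def score_source(text: str) -> Tuple[int, List[str]]:
    """Return the indicator score and the list of matching patterns for one file."""
    score, hits = 0, []
    for pattern, weight in INDICATORS.items():
        if re.search(pattern, text, re.IGNORECASE):
            score += weight
            hits.append(pattern)
    return score, hits


def scan_webroot(root: str) -> List[Finding]:
    """Walk a document root and return server-side script files over the threshold."""
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "r", encoding="utf-8", errors="replace") as fh:
                score, hits = score_source(fh.read())
            if score >= THRESHOLD:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append(Finding(rel, score, hits))
    return sorted(findings, key=lambda f: -f.score)


# Constructed sample web root: two benign pages and two indicator-bearing files.
# The suspicious samples use "..." in place of real arguments so they are not
# runnable server code; only the indicator tokens matter to the scanner.
SAMPLE_FILES: Dict[str, str] = {
    "index.php": "<?php echo 'Welcome'; include 'header.php'; ?>",
    "page.php": "<?php $p = $_GET['page']; include 'pages/' . basename($p) . '.php'; ?>",
    "uploads/avatar.php": "<?php /* constructed sample */ eval(base64_decode($_POST[...])); ?>",
    "admin/tools.aspx": '<%@ Page Language="C#" %><% /* constructed sample */ Process.Start(Request["..."]); %>',
}


def build_sample_webroot() -> str:
    """Write the constructed sample files into a fresh temporary directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel, content in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    webroot = build_sample_webroot()
    for finding in scan_webroot(webroot):
        print(f"{finding.score:>2}  {finding.path}  hits={len(finding.hits)}")
```

The threshold is what keeps this usable: `page.php` touches `$_GET` but scores 1 and is not reported, while the two planted files score 6 and 4. On a real server the file list it produces is a starting point for review alongside the web server's access log and the file modification times, not a verdict, since legitimate admin tooling also calls `eval` or `Process.Start`.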

In some instances, Emissary Panda uses a mix of software vulnerabilities and spear-phishing to breach networks.

What makes Emissary Panda unique is the group's well-planned operations, often working for years before breaching their final target.  

Until 2020, Emissary Panda's primary focus was cyber espionage and intelligence gathering. But since 2020, investigators have linked Emissary Panda to multiple ransomware attacks.


Famous Emissary Panda Attacks

Emissary Panda is a highly active group, constantly attacking organizations to steal information. These are just a few examples of Emissary Panda's attacks but showcase the sophisticated level of planning and execution.

Operation "Iron Tiger" - 2010 - 2013

Emissary Panda's first major attack was against a US defense contractor in 2013. But the operation started in Asia in 2010.

The group managed to steal a significant amount of military data, including emails, intellectual property, and strategic planning documents.

Iron Tiger was a well-coordinated cyberespionage operation spanning two continents with targets in Hong Kong, China, Tibet, the Philippines, and the United States.

In 2010, the attackers used spear-phishing attacks to target victims in China, Hong Kong, the Philippines, and Tibet. After breaching a system, Emissary Panda would lie silently, gathering intelligence.

After three years, Emissary Panda had the information it needed to go after bigger fish, mostly technology contractors for the United States government. 

By the end of Operation "Iron Tiger," Emissary Panda had stolen terabytes of data, most of it from the United States. The sensitivity of this data posed a severe threat to US intelligence and military organizations. 

Multiple Watering-Hole Attacks - 2015

In 2015, Dell SecureWorks unveiled a report at the Black Hat information security conference in Las Vegas. 

The report detailed how Emissary Panda used more than 100 legitimate websites (for watering-hole attacks) to breach at least 50 US and UK organizations. 

Emissary Panda relied on software vulnerabilities to inject malicious code into legitimate websites, mostly those of embassies and NGOs. Visitors would browse the site as usual, but navigating from one page to the next automatically downloaded an exploit onto the visitor's device.

The exploit would automatically set up a web shell for Emissary Panda to access the PC while at the same time creating backdoors and erasing user logs to remain undetected.

Emissary Panda spent time gathering intelligence and stealing credentials as they moved laterally through systems and networks. In some cases, they used spear-phishing attacks sent from legitimate email addresses to access other networks and organizations.

Emissary Panda's First Known Ransomware Attack - 2020

In 2020, Emissary Panda switched from cyber espionage to ransomware attacks—a highly unusual move for a typical advanced persistent threat group. The group targeted multiple gaming companies worldwide, breaching at least one.

The breach started at a third-party supplier, twice removed from the actual target before Emissary Panda eventually broke into the gaming company.

The group installed web shells and created multiple backdoors making it impossible to remove the attackers.

It's unclear who the gaming company was or whether or not they paid a ransom.

This attack shows that Emissary Panda is capable and willing to engage in all sorts of cybercrimes and not just gather intelligence.


How Can You Protect Yourself Against Cyber Attacks?

Keeping out a group like Emissary Panda is extremely difficult. These attackers rely on software vulnerabilities and human error to breach a target, often making repeated attempts over many months or years.

The first step in preventing these sorts of attacks is for companies to update software and firmware regularly. These updates carry crucial bug fixes for exactly the types of vulnerabilities that groups like Emissary Panda use to stage an attack.

Effective cybersecurity is essential for small businesses, especially if you work with contractors and freelancers. Emissary Panda shows that cyber criminals often attack third-party providers to gain access to bigger fish.


Secure Your Business with TeamPassword

TeamPassword is a password manager designed for secure account authentication and safe credential sharing. You never share raw passwords, eliminating the risk of unauthorized access or sharing.

With TeamPassword, you can create groups for various accounts, so you only provide access to those who need it. When a team member no longer needs access, simply remove them with one click.

The password manager comes with two-factor authentication, preventing a full breach if attackers steal a user's credentials. TeamPassword also features an activity log, and you can set up email notifications for every action on the password manager.

Protect your company's digital assets with TeamPassword. Get a 14-day free trial to test our robust password management tool with your team today!
