APT9 is a threat actor attributed to CN, also known as Red Pegasus, Group 27, NIGHTSHADE PANDA. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does APT9 exploit?

Specific CVE exploitation data for APT9 is being tracked. Check the Strobes VI threat actor profile for updates.

APT9

Also known as: Red Pegasus, Group 27, NIGHTSHADE PANDA

Exploited CVEs

Overview

APT9 engages in cyber operations where the goal is data theft, usually focusing on the data and projects that make a particular organization competitive within its field. APT9 was historically very active in the pharmaceuticals and biotechnology industry. We have observed this actor use spearphishing, valid accounts, as well as remote services for Initial Access. On at least one occasion, Mandiant observed APT9 at two companies in the biotechnology industry and suspect that APT9 actors may have gained initial access to one of the companies by using a trusted relationship between the two companies. APT9 use a wide range of backdoors, including publicly available backdoors, as well as backdoors that are believed to be custom, but are used by multiple APT groups.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database