Anchor Panda APT

Type: Nation-State-Sponsored

Status: believed active

Active Since/Discovered: 2013

Last Report: Oct. 2013


  • civilian and military maritime operations in the green/brown water regions in the area of operations of the South Sea Fleet of the PLA Navy
  • Also targeted companies in the United States, Germany, Sweden, the UK, Australia, and other nations involved in maritime satellite systems, aerospace industries, and the defense sector

Target Sectors: maritime satellite systems, aerospace companies, and defense contractors


    • Adobe Ghost
    • Poison Ivy
    • Torn RAT

Preferred Attack Vector:  spear phishing


  • May be PLA NAVY
  • Marker for encrypted binaries  – “PdPD” (50 64 50 44)
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from Youtube
Consent to display content from Vimeo
Google Maps
Consent to display content from Google