Type: Nation-state-sponsored

APT18 Status: believed active (PLA NAVY)

APT18 Other Names: Dynamite Panda/ PLA Navy/ TG-0416/ Wekby

Active Since/Discovered: April 2011

Targets: U.S. and others

Target Sectors:

  • Aerospace and Defence; Construction and Engineering; Education; Health and Biotechnology; High Tech; Telecommunications; Transportation


  • HTTPBrowser
  • TokenControl
  • HcdLoader
  • PisLoader


  • May be responsible for RSA breach (2011) and Community Health Systems data breach
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from Youtube
Consent to display content from Vimeo
Google Maps
Consent to display content from Google