Anchor Panda APT

Type: Nation-State-Sponsored

Status: believed active

Active Since/Discovered: 2013

Last Report: Oct. 2013


  • Civilian and military maritime operations in the green/brown water regions in the area of operations of the South Sea Fleet of the PLA Navy
  • Also targeted companies in the United States, Germany, Sweden, the UK, Australia, and other nations involved in maritime satellite systems, aerospace industries, and the defense sector

Target Sectors: maritime satellite systems, aerospace companies, and defense contractors


  • Adobe Ghost
  • Poison Ivy
  • Torn RAT

Preferred Attack Vector: spear phishing


  • May be PLA Navy
  • Marker for encrypted binaries – “PdPD” (50 64 50 44)