NAME:
APT27

Alias
EmissaryPanda, LuckyMouse, Emissary Panda, TG-3390, APT 27, TEMP.Hippo, Group 35, Bronze Union, ZipToken, HIPPOTeam, Operation Iron Tiger, Iron Tiger APT, Threat Group-3390, APT27

Description:
The actor has been observed targeting hundreds of organizations all around the world, including U.S. defense contractors, financial services firms, a European drone maker, and a national data center in Central Asia.

This APT group is active since at least 2010 with various purposes, ranging from stealing data about cutting-edge weapons technologies to spying on dissidents and other civilian groups. Palo Alto observed its malicious activity in April 2019 which may indicate the attack group is still active.

References:
https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage https://www.secureworks.com/research/bronze-union https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-hacked-government-data-center/ http://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/