APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]

ID: G0025
Associated Groups: Deputy Dog
Version: 1.1
Created: 31 May 2017
Last Modified: 13 October 2020

Associated Group Descriptions

Name Description
Deputy Dog


Techniques Used

Domain ID Name Use
Enterprise T1583 .006 Acquire Infrastructure: Web Services

APT17 has created profile pages in Microsoft TechNet that were used as C2 infrastructure.[1]

Enterprise T1585 Establish Accounts

APT17 has created and cultivated profile pages in Microsoft TechNet. To make profile pages appear more legitimate, APT17 has created biographical sections and posted in forum threads.[1]