Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source
China has its own ecosystem of scanning tools, whether for good or ill.
At the end of May, the Natto Team looked into threat group APT41’s reconnaissance techniques and toolkit. As we continued our research on Chinese threat groups, we found several other Chinese threat groups using reconnaissance techniques and tools similar to those APT41 used, such as Nmap, a free and open-source network scanner. We also came across reconnaissance techniques and scanning tools that were unique to some of the Chinese threat groups. In addition, like APT41, Chinese threat groups heavily use open-source and locally developed tools, whether well-known security tools or customized malware.

APT10, GALLIUM and Stately Taurus Use NBTscan or Modified NBTscan – a Tool That Has Appeared Repeatedly Over Ten Years
At least three Chinese state threat groups, including APT10 (a.k.a. menuPass, Stone Panda, POTASSIUM (Purple Typhoon)), GALLIUM (a.k.a. Granite Typhoon), and Stately …


