APT31 — Threat Actor Profile, Campaigns & Targets

Threat entity extracted from intelligence sources

Frequency
14
occurrences
First Seen
December 19, 2025
Last Seen
May 5, 2026

APT31 is a apt_group tracked across 5 threat clusters and 14 intelligence report mentions on ThreatCluster. First observed December 19, 2025; most recent activity May 5, 2026.

Related Threat Clusters

  • LongNosedGoblin and UAT-8302: New China-Aligned APT Threats Targeting Governments

    In 2024, ESET identified a new China-aligned APT group named LongNosedGoblin, which targets governmental entities in Southeast Asia and Japan. The group employs a custom toolset, primarily using C#/.NET applications, to…

    8 articles · Updated May 5, 2026
  • APT36's Ongoing Espionage Campaign Against Indian Government

    APT36, also known as Transparent Tribe, has been conducting persistent cyber espionage campaigns against the Indian government and defense organizations for over a decade. This espionage ecosystem, which includes the…

    2 articles · Updated February 10, 2026
  • UK Foreign Office Hacked; Chinese Group Suspected

    The UK Foreign Office was hacked in October, with government data reportedly stolen. Trade Minister Chris Bryant confirmed the breach and stated that the risk to individuals is considered low. Investigations are…

    25 articles · Updated December 19, 2025
  • State-Sponsored Hackers Exploit Google's Gemini AI for Cyberattacks

    State-backed hackers from China, Iran, North Korea, and Russia are utilizing Google's Gemini AI model to facilitate various stages of cyberattacks, including reconnaissance and post-compromise actions. Notably, the…

    162 articles · Updated February 12, 2026
  • Rise in AI Model Theft and Misuse by Threat Actors

    Google's Threat Intelligence Group (GTIG) reports an increase in attempts to extract and replicate AI model logic, with state-backed and financially motivated attackers leveraging generative AI for reconnaissance,…

    13 articles · Updated February 12, 2026

Recent Intelligence Reports

  • CloudSorcerer backdoor — securelist.com · May 5, 2026
  • Google fears massive attempt to clone Gemini AI through model extraction — Csoonline · February 13, 2026
  • Adversaries Exploiting Proprietary AI Capabilities, API Traffic to Scale Cyberattacks — Thecyberexpress · February 13, 2026
  • State-Sponsored Hackers Turn Google's AI Into Full-Spectrum Attack Assistant — Uctoday · February 12, 2026
  • Google: China's APT31 used Gemini to plan cyberattacks against US orgs — Theregister · February 12, 2026
  • GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use — Mandiant · February 12, 2026
  • Nation-State Hackers Embrace Gemini AI for Malicious Campaigns, Google Finds — Infosecurity-Magazine · February 12, 2026
  • Google warns of AI model theft & state-backed misuse — Itbrief.Au · February 12, 2026

CVSS v3.1 Breakdown