Deep Panda
Chinese state-sponsored intrusion set assessed to operate on behalf of the Ministry of State Security (MSS). Best known for the OPM breach (discovered May 2014, exfiltration through April 2015) — the largest theft of U.S. government personnel records in history, exposing background-investigation files on roughly 22 million individuals with security clearances — and for the 2014 Anthem health-insurer breach exposing 78.8 million records. The group uses webshells, lateral movement via SMB, and PowerShell-based in-memory execution to maintain long-dwell access to high-value identity repositories.
Related actors (by shared ATT&CK techniques)
- Andariel (KP · DPRK): 2 shared techniques
- APT39 (IR · Iran): 2 shared techniques
- APT41 (CN · China): 2 shared techniques
- Hafnium (CN · China): 2 shared techniques
- ALPHV/BlackCat (?? · Unknown): 1 shared technique
- APT10 (CN · China): 1 shared technique
Threat Intel Tracker. (2026-05-19). Deep Panda — actor profile. Retrieved from https://threatintel.local/actors/deep-panda