Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source

nattothoughts.substack.com · Natto Team · 1 year ago · tool

China has its own ecosystem of scanning tools, whether for good or ill.

Natto Team
Sep 04, 2024

At the end of May, the Natto Team looked into threat group APT41’s reconnaissance techniques and toolkit. As we continue our ongoing research on Chinese threat groups, we discovered several other Chinese threat groups using reconnaissance techniques and tools similar to those APT41 used, such as Nmap, a free and open-source network scanner. We also came across reconnaissance techniques and scanning tools that were unique to some of the Chinese threat groups. In addition, like APT41, Chinese threat groups heavily use open-source and locally developed tools, whether well-known security tools or customized malware.

Tools, malware, threat groups and threat campaigns mentioned in this report. Source: Natto Thoughts

APT10, GALLIUM and Stately Taurus Use NBTscan or Modified NBTscan – a Tool That Has Appeared Repeatedly Over Ten Years

At least three Chinese state threat groups, including APT10 (a.k.a. menuPass, Stone Panda, POTASSIUM (Purple Typhoon)); GALLIUM (a.k.a. Granite Typhoon), and Stately …