vertigo_panda

Also known asVertigo Panda

Vertigo Panda is a China-nexus threat actor identified by CrowdStrike. In the provided content, the group is described as using USB-based exploits and conducting activity designed to steal intellectual property in support of China’s industrial and technological ambitions. The content places Vertigo Panda among Chinese state-sponsored actors expanding targeting in Europe. No additional aliases or sub-groups are directly mentioned beyond Vertigo Panda.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

19 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

11 of 15 tactics36 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0043

Reconnaissance

1 technique

T1598

Phishing for Information

TA0042

Resource Development

2 techniques

T1583

Acquire Infrastructure

T1583.001

Domains

T1584

Compromise Infrastructure

TA0001

Initial Access

2 techniques

T1078

Valid Accounts

T1078.004

Cloud Accounts

T1566

Phishing

T1566.002×3

Spearphishing Link

TA0002

Execution

3 techniques

T1059

Command and Scripting Interpreter

T1059.003

Windows Command Shell

T1127

Trusted Developer Utilities Proxy Execution

T1127.001

MSBuild

T1204

User Execution

T1204.002

Malicious File

TA0003

Persistence

2 techniques

T1078

Valid Accounts

T1078.004

Cloud Accounts

T1547

Boot or Logon Autostart Execution

T1547.009

Shortcut Modification

TA0004

Privilege Escalation

2 techniques

T1078

Valid Accounts

T1078.004

Cloud Accounts

T1547

Boot or Logon Autostart Execution

T1547.009

Shortcut Modification

TA0005

Stealth

5 techniques

T1027

Obfuscated Files or Information

T1036

Masquerading

T1078

Valid Accounts

T1078.004

Cloud Accounts

T1127

Trusted Developer Utilities Proxy Execution

T1127.001

MSBuild

T1497

Virtualization/Sandbox Evasion

TA0006

Credential Access

1 technique

T1056

Input Capture

TA0007

Discovery

2 techniques

T1082

System Information Discovery

T1497

Virtualization/Sandbox Evasion

TA0009

Collection

2 techniques

T1056

Input Capture

T1560

Archive Collected Data

TA0011

Command and Control

2 techniques

T1105

Ingress Tool Transfer

T1573

Encrypted Channel

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

techrepublic com securityNews

Nov 7, 2025

Crowdstrike: AI Accelerating Ransomware Attacks Across Europe

Vertigo Panda is a China-nexus group using USB-based exploits to steal intellectual property from European organizations, supporting China's industrial and technological goals.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping19

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.