Titan Rain
Titan Rain is the codename used by U.S. officials for a growing number of Chinese cyber attacks observed over multiple years. The activity was notably directed at the Pentagon and other U.S. government departments, and reporting cited in the content states that in 2005 Chinese hackers infiltrated U.S. Department of Defense networks in an operation known as Titan Rain. Mentioned targets include U.S. defense contractors, the Army Information Systems Engineering Command, the Defense Information Systems Agency, the Naval Ocean Systems Center, and the U.S. Army Space and Strategic Defense installation. Supporting reporting also links broader Chinese intrusions against British government departments and a Pentagon-related email system intrusion to actors that officials believed were linked to, or attributable to, the People’s Liberation Army. The content characterizes the activity as persistent and serious, but does not provide specific malware families, sub-groups, or detailed TTPs beyond network intrusions targeting government and defense networks. Known alias in the provided content: titan_rain.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
- Military
Where they target
Geographies tied to known operations.
- 🇬🇧 United Kingdom
- 🇺🇸 United States
- 🇩🇪 Germany
Where they're from
Attributed origin per open-source reporting.
- CN
Tradecraft
1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Recent activity
20 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
China-attributed cyber-espionage operation targeting U.S. Department of Defense networks and U.S. defense contractors to steal sensitive military information.
Named intrusion campaign targeting U.S. DoD networks and U.S. defense contractors for large-scale espionage and data theft.
Named intrusion campaign targeting U.S. DoD networks and U.S. defense contractors, involving large-scale network compromise and data theft (espionage).
Cyber-espionage activity cluster attributed to China targeting U.S. Department of Defense networks and U.S. defense contractors to steal sensitive military information.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.