Also tracked as APT27, TG-3390, Bronze Union, and Lucky Mouse, the threat group has been active since at least 2010, targeting hundreds of organizations worldwide, including U.S. defense contractors, financial services firms, a European drone maker, and a national data center in Central Asia, among others.
Emissary Panda activity observed in April 2019 involved the installation of webshells on SharePoint servers, likely in an attempt to exploit the recently patched remote code execution vulnerability in SharePoint tracked as CVE-2019-0604.