Poisonous Panda is a Chinese threat actor specializing in cyber-espionage, primarily targeting government and private sector organizations. The group conducts prolonged campaigns, leveraging spear-phishing emails and zero-day exploits for initial access and employing custom backdoors to maintain long-term presence. They are known for targeting organizations holding high-value intelligence. The group has shown an evolution in tactics, recently increasing their use of legitimate system tools (living-off-the-land techniques) to evade detection and adopting more sophisticated spear-phishing, including compromised email accounts. Poisonous Panda is distinct from groups like APT10 and MenuPass, though they are often related in discussions of Chinese state-sponsored activities.