APT19 (DEEP PANDA): A Persistent China-Aligned Espionage and Credential Theft Actor

**APT19 (Deep Panda)** is a China-aligned, hybrid espionage and credential-theft actor active since at least 2013 that conducts sustained phishing, web compromise (web shells), and credential harvesting campaigns—often targeting governments, technology and defense firms, and managed service providers across the United States, Europe, and East Asia—to maintain long-term access and facilitate resale or reuse of credentials for intelligence collection.