One of their notable tools is a custom backdoor called SockDetour, which operates filelessly and socketlessly on compromised Windows servers. The grou...

Threat Actor Profile

TiltedTemple

State-sponsored threat group originating from CN.

Real-Time Alerts

Actor Overview

Origin Country
CN

Related Threat Reports

Premium
APT Campaign Analysis - Q4 2025Dec 2025
New Tactics Observed in WildDec 2025
Infrastructure Mapping ReportDec 2025
Stay Updated

Get alerts when new intel on TiltedTemple is published.

Actor Details

Primary Name
TiltedTemple
Known Aliases
DEV-0322, Circle Typhoon
Data Source
Precursor Intelligence
Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →