Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home panic

APT15 – Vixen Panda – CHINA

August 10, 2021
Reading Time: 2 mins read
in APT
APT23 – Pirate Panda – CHINA

APT15 has targeted organizations headquartered in multiple locations, including a number of European countries, the U.S., and South Africa. APT15 operators share resources, including backdoors as well as infrastructure, with other Chinese APTs. Ke3chang is a threat group attributed to actors operating out of China. Ke3chang has targeted several industries, including oil, government, military, and more.

Name: Ke3chang (FireEye), Vixen Panda (CrowdStrike) APT 15 (Mandiant) GREF (SecureWorks) Bronze Palace (SecureWorks) Bronze Davenport (SecureWorks) Bronze Idlewood (SecureWorks) CTG-9246 (SecureWorks) Playful Dragon (FireEye) Royal APT (NCC Group) Metushy (?) Social Network Team (?)

Location: China

Suspected attribution:  China – State-sponsored

Date of initial activity: 2010

Targets: Global targets in the trade, economic and financial, energy, and military sectors in support of Chinese government interests

Motivation: Information theft and espionage

Associated malware: BS2005, CarbonSteal, Cobalt Strike, DarthPusher, DoubleAgent, GoldenEagle, HenBox, HighNoon, Ketrican, Ketrum, Mimikatz, MirageFox, MS Exchange Tool, Okrum, PluginPhantom, ProcDump, PsList, RoyalCli, RoyalDNS, SilkBean, spwebmember, SpyWaller, TidePool, Winnti, XSLCmd, Living off the Land.

Attack vectors:  APT15 typically uses well-developed spear phishing emails for Initial Compromise against global targets in various sectors that are of interest to the Chinese government. Significantly, APT15 use backdoors and infrastructure that is not unique to the group, making attribution challenging.

How they work:  FireEye researchers have discovered a cyber espionage campaign, which they called “Ke3chang,” that falsely advertises information updates about the ongoing crisis to compromise MFA networks in Europe. They believe that the Ke3chang attackers are operating out of China and have been active since at least 2010. However, we believe specific Syria-themed attacks against MFAs (codenamed by Ke3chang as “moviestar”) began only in August 2013. The timing of the attacks precedes a G20 meeting held in Russia that focused on the crisis in Syria.

Diplomatic missions, including ministries of foreign affairs (MFA), are high-priority targets for today’s cyber spies. Large-scale cyber espionage campaigns such as “GhostNet” have demonstrated that government agencies around the world, including embassies, are vulnerable to targeted cyber attacks.

The Ke3chang attackers have been active since at least 2010. Tracking their activity over time has revealed information on their targeting preferences and the malware tools they use. The attackers have used three types of malware over the years and have traditionally targeted the aerospace, energy, government, high-tech,  consulting services, and chemicals/manufacturing/mining sectors.

Tags: Advanced Persistent ThreatAPT15ChinaVixen Panda
ADVERTISEMENT

Related Posts

APT-C-60 (APT) – Threat Actor

APT-C-60 (APT) – Threat Actor

February 16, 2025
COLDRIVER (APT) – Threat Actor

COLDRIVER (APT) – Threat Actor

February 13, 2025
UTG-Q-010 (APT) – Threat Actor

UTG-Q-010 (APT) – Threat Actor

February 12, 2025
Actor240524 (APT) – Threat Actor

Actor240524 (APT) – Threat Actor

February 10, 2025
T-APT-04 (SideWinder) – Threat Actor

T-APT-04 (SideWinder) – Threat Actor

January 30, 2025
Evasive Panda (APT) – Threat Actor

Evasive Panda (APT) – Threat Actor

January 30, 2025

Latest Alerts

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Google Patches Chrome Account Takeover Bug

Horabot Malware Targets LatAm Via Phishing

HTTPBot DDoS Threat To Windows Systems

Subscribe to our newsletter

    Latest Incidents

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    Dior Breach Exposes Asian Customer Data

    Australian Human Rights Body Files Leaked

    Nucor Cyberattack Halts Plants Networks

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial