Ke3chang

Also known as: APT15, GREF, Ke3chang, Mirage, NICKEL, Nylon Typhoon, Playful Dragon, RoyalAPT, Vixen Panda, RedRiver, Metushy, Lurid, Social Network Team, Royal APT, BRONZE PALACE, BRONZE DAVENPORT, BRONZE IDLEWOOD, G0004, Red Vulture

Ke3chang is a threat group attributed to actors operating out of China. Since at least 2010, Ke3chang has targeted oil, government, diplomatic, and military organizations, as well as NGOs, in Central and South America, the Caribbean, Europe, and North America. [2][3][4][5]

🌍 Country China
🎯 Incident Type Espionage
🧭 ATT&CK G0004
Targeted Sectors Government, Administration

Activities and Tactics

Targeted Sectors: Government, Administration

Country of Origin: 🇨🇳 China

Incident Type: Espionage

Suspected Victims: European Union, India, United Kingdom, Germany

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • China Chopper

Attribution and Evidence

Country of Origin: China

Additional attribution information pending cataloguing.

References

[1] MITRE ATT&CK entry
[2] Mandiant, Operation Ke3chang, November 2014
[3] NCC Group, APT15 Alive and Strong
[4] Intezer, APT15, June 2018
[5] Microsoft, NICKEL, December 2021