Flea

Threat Actor updated 4 months ago (2024-05-04T17:17:56.204Z)
Flea, also known as APT15 or Nickel, is a China-linked threat actor primarily targeting foreign affairs ministries in Central and South American countries. The group's latest campaign utilizes a novel backdoor named "Graphican," which is an evolution of their custom backdoor Ketrican. This new backdoor maintains the same basic functionality as its predecessor but leverages Microsoft Graph API and OneDrive to establish its command-and-control (C&C) infrastructure. The Threat Hunter Team at Symantec, part of Broadcom, detailed this recent activity, highlighting Flea's continued malicious activities.

In 2023, Flea notably targeted American ministries using the Graphican backdoor, demonstrating the group's focus on governmental entities. They are identified as a state-sponsored actor, suggesting that their actions align with certain strategic interests of the Chinese government. The Graphican backdoor is a powerful tool that enables Flea to infiltrate target networks, steal sensitive information, and potentially disrupt operations, emphasizing the severity of the threat posed by this actor.

The name Flea also has historical connotations related to scavenging and repurposing found equipment, akin to the flea market concept. This might hint at the group's adaptability and resourcefulness in exploiting available resources for their operations. However, it's important to note that the naming conventions in the cybersecurity industry can be somewhat arbitrary and do not necessarily reflect the actual characteristics or methodologies of the threat actors.
Description last updated: 2024-05-04T16:41:14.758Z
Aliases We are not currently tracking any aliases
Source Document References
Information about the Flea Threat Actor was read from the documents corpus below.
Source Link, Created At, Title
DARKReading
4 months ago
Dark Reading Confidential: The CISO and the SEC
CERT-EU
10 months ago
Revive A Sony Vaio P-Series With KiCad’s Background Bitmaps
DARKReading
2 years ago
Cris Thomas: Space Rogue, From L0pht Hacker to IBM Security Influencer
CERT-EU
a year ago
Les dernières cyberattaques détectées | 27 juin 2023
CERT-EU
a year ago
A history of metaphors for the internet
Naked Security
2 years ago
NPM JavaScript packages abused to create scambait links in bulk
CERT-EU
a year ago
Cyber security week in review: June 23, 2023
CERT-EU
a year ago
China-Linked 'Flea' Hacking Group Tied to Cyberattacks on Foreign Ministries | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
a year ago
Novel Graphican backdoor leveraged in Chinese APT attacks against foreign ministries
CERT-EU
a year ago
China-sponsored APT group targets government ministries in the Americas
CERT-EU
a year ago
Graphican: Flea uses new backdoor in attacks targeting Foreign Ministries – Cyber Security Review
CERT-EU
a year ago
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
CERT-EU
a year ago
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor – GIXtools
CERT-EU
a year ago
Flea APT’s latest campaign targets foreign affairs ministries with new Graphican backdoor