| ID | Votes | Profile Description |
|---|---|---|
| APT15 | 2 | APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I |
| GREF | 1 | GREF, a China-aligned Advanced Persistent Threat (APT) group, has been identified as the orchestrator of two active Android malware campaigns. The campaigns have been distributing a malicious software called BadBazaar via two applications, Signal Plus Messenger and FlyGram, through the Google Play s |
| Playful Dragon | 1 | Playful Dragon, also known as APT15, Ke3chang, Mirage, Vixen Panda, GREF, Flea, Nickel, and Royal APT, is a notable threat actor in the cybersecurity sphere. This group has been identified by cybersecurity professionals as being behind numerous malicious activities with a history of targeting govern |
| Apt25 | 1 | APT25, also known as Uncool, Vixen Panda, Ke3chang, Sushi Roll, and Tor, is a threat actor suspected to be attributed to China. This group has targeted sectors such as defense industrial base, media, financial services, and transportation in the U.S. and Europe. They are associated with several type |
| Vixen Panda Gref | 1 | None |
| Vixen Panda | 1 | Vixen Panda, also known as APT15, Flea, KE3CHANG, Nickel, Playful Dragon, Royal APT, and BackdoorDiplomacy, among other names, is a significant threat actor believed to be sponsored by the Chinese government. The group has been operational since at least 2004, targeting government entities, diplomat |
| Flea | 1 | Flea, also known as APT15 or Nickel, is a China-linked threat actor primarily targeting foreign affairs ministries in Central and South American countries. The group's latest campaign utilizes a novel backdoor named "Graphican," which is an evolution of their custom backdoor Ketrican. This new backd |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Ketrican | Unspecified | 2 | Ketrican is a type of malware, or malicious software, that was developed to exploit and damage computer systems. It's associated with the Ke3chang group and is known for its ability to infiltrate systems through suspicious downloads, emails, or websites. Once inside a system, Ketrican can steal pers |
| graphican | Unspecified | 1 | Graphican is a novel malware developed by the Chinese threat actor group known as Flea, APT15, or Nickel. The malware, an evolution of the group's custom backdoor Ketrican, has been used in a series of cyber-attacks against foreign affairs ministries across Central and South America between late 202 |
| Emissary | Unspecified | 1 | Emissary is a malicious software (malware) known for its damaging and exploitative characteristics. The malware operates as a Trojan, named Emissary, that infiltrates systems through suspicious downloads, emails, or websites without the user's knowledge. Once inside a system, it can disrupt operatio |
| Okrum | Unspecified | 1 | Okrum is a malware that belongs to the Ke3chang Group's arsenal of malicious tools. It is a sophisticated program designed to infiltrate computer systems and carry out harmful activities. Okrum has been identified as an evolution of the Flea backdoor named Ketrican, combining features from both Ketr |
| Taurus | Unspecified | 1 | Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Mustang Panda | Unspecified | 4 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar |
| APT31 | Unspecified | 2 | APT31, also known as Zirconium, is a threat actor group believed to be sponsored by the Chinese government. This group has been implicated in various cyber espionage activities across the globe. One of their notable exploits includes the cloning and use of an Equation Group exploit, EpMe (CVE-2017-0 |
| GALLIUM | Unspecified | 2 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
| APT27 | Unspecified | 2 | APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario |
| APT30 | Unspecified | 2 | APT30, a threat actor suspected to be attributed to China, has been active since at least 2005. This group primarily targets members of the Association of Southeast Asian Nations (ASEAN). APT30 is notable for its sustained activity over an extended period and its ability to adapt and modify source c |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| Venomous Bear | Unspecified | 1 | Venomous Bear, also known as Turla, Urobouros, Snake, and other names, is a threat actor group attributed to Center 16 of the Federal Security Service (FSB) of the Russian Federation. The group has been active since at least 2004, targeting diplomatic and government organizations, as well as private |
| Tropic Trooper | Unspecified | 1 | Tropic Trooper, a threat actor with suspected ties to China, has been identified as a significant cybersecurity concern. Their activities date back to at least 2013, when Trend Micro noted similarities in the encoding algorithms used by Tropic Trooper's malware and the KeyBoy versions from that year |
| APT41 | Unspecified | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
| Sword2033 | Unspecified | 1 | Sword2033 is a new and previously undocumented backdoor tool used by the China-linked threat actor known as Alloy Taurus. This group, also referred to as GALLIUM or Softcell, has been actively targeting Linux systems with a variant of the PingPull backdoor, while also deploying Sword2033 in their op |
| Ghostnet | Unspecified | 1 | GhostNet, a threat actor identified as a significant cybersecurity concern, was uncovered in 2009 as a cyber espionage operation that infiltrated computers across 103 countries. The operation demonstrated the vulnerability of government agencies and embassies worldwide to targeted cyber attacks. In |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| MITRE | a year ago | APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS |
| CERT-EU | 10 months ago | Multiple Chinese APTs are attacking European targets, EU cyber agency warns | #ukscams | #datingscams | #european | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating | National Cyber Security Consulting |
| CERT-EU | 10 months ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online |
| BankInfoSecurity | a year ago | Chinese APT Uses Fake Messenger Apps to Spy on Android Users |
| CrowdStrike | a year ago | CrowdStrike Scores 100% in SE Labs 2023 Q2 EAS Test | CrowdStrike |
| CERT-EU | a year ago | Stay informed with threat reports |
| CERT-EU | a year ago | Novel Graphican backdoor leveraged in Chinese APT attacks against foreign ministries |
| CERT-EU | a year ago | Flea APT’s latest campaign targets foreign affairs ministries with new Graphican backdoor |
| MITRE | a year ago | Operation “Ke3chang”: Targeted attacks against ministries of foreign affairs | Mandiant |
| Unit42 | a year ago | Chinese Playful Taurus Activity in Iran |
| CERT-EU | a year ago | EU Organizations Warned of Chinese APT Attacks |
| Securityaffairs | a year ago | ENISA and CERT-EU warns Chinese APTs targeting EU organizations |
| CERT-EU | a year ago | Europa vermehrt im Visier chinesischer und russischer Ausspähversuche | ZDNet.de |
| DARKReading | a year ago | ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU |
| ESET | a year ago | ESET APT Activity Report Q4 2022–Q1 2023 | WeLiveSecurity |