NICKEL

Threat Actor updated a month ago (2024-10-21T09:01:56.602Z)
Nickel is a notable threat actor in the cybersecurity realm, associated with various other groups including Playful Taurus, APT15, BackdoorDiplomacy, Vixen Panda, and Andariel (also known as APT45, Nickel Hyatt, Onyx Sleet, Silent Chollima, Stonefly, and TDrop2). This group has been actively involved in several malicious activities, notably targeting critical Active Directory assets such as the NTDS.dit file, the KRBTGT service account, and Active Directory certificates. The group's recent shift towards ransom demands marks a significant departure from their earlier schemes, with one incident involving a six-figure cryptocurrency ransom to prevent the publication of stolen documents. Furthermore, the technical and behavioral characteristics of North Korean IT workers align with previous fraud campaigns carried out by this group, now referred to as the "Nickel Tapestry" threat group.

On another front, nickel, as a commodity, has been under scrutiny due to illicit activities in Indonesia, the world's largest producer of the metal. Investigations have revealed instances of 'illegal' nickel laundering where companies mined without licenses and sold the material to processing plants using documents from other companies. This surge in production and subsequent suppression of nickel and zinc prices is primarily driven by the increasing global demand for batteries, particularly for electric vehicles, and the rapid industrial production in Indonesia and China.

Technological developments in data protection have also seen the use of nickel, specifically in the form of nickel nanofiche. Although not yet presented as a commercial archiving technology, it is among several extreme duration technologies favored for data storage, alongside glass-based technologies like Cerabyte and Microsoft’s Project Silica. These advancements represent potential tape replacement possibilities, further solidifying the importance of nickel in both technological and industrial realms.
Description last updated: 2024-10-21T08:31:52.241Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
APT15 is a possible alias for NICKEL. APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I | 3
Vixen Panda is a possible alias for NICKEL. Vixen Panda, also known as APT15, Flea, KE3CHANG, Nickel, Playful Dragon, Royal APT, and BackdoorDiplomacy, among other names, is a significant threat actor believed to be sponsored by the Chinese government. The group has been operational since at least 2004, targeting government entities, diplomat | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Microsoft
Associated Malware
Alias Description | Association Type | Votes
The Badbazaar Malware is associated with NICKEL. BadBazaar is a malicious software, or malware, employed by EvilBamboo, a threat actor group. This malware is part of three Android spyware families developed by the group, including BADBAZAAR, BADSIGNAL, and BADSOLAR. These are custom-built to target adversaries of the Chinese Communist Party (CCP). | Unspecified | 2
Source Document References
Information about the NICKEL Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source Link | CreatedAt
BankInfoSecurity | a month ago
DARKReading | 4 months ago
CERT-EU | 8 months ago
CERT-EU | 9 months ago
CERT-EU | 10 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
DARKReading | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
DARKReading | a year ago