NICKEL

Threat Actor Profile Updated 3 months ago
Nickel is a threat actor that has been involved in significant cyber operations. It targeted government organizations across Latin America and Europe, alongside other nation-state affiliated threat actors such as FIN6 and Emissary Panda. These groups focused on critical Active Directory assets, including the NTDS.dit file, the KRBTGT service account, and Active Directory certificates. The cybersecurity landscape continues to evolve, with ongoing exploitation of flaws such as those in SS7, which allow illicit spying on wireless users globally. Furthermore, the lack of privacy and security standards in the Internet of Things (IoT) and satellite communication networks amplifies the potential for threat actors like Nickel to exploit these vulnerabilities.

In the economic realm, Nickel's influence is also evident. The prices of nickel and zinc peaked in 2022, but increased production from Indonesia and China is expected to suppress prices. Indonesia, boasting a $1.2 trillion economy, is the world's largest producer of nickel, with many Chinese companies involved in mining and processing. However, an investigation by Tempo revealed evidence of illegal nickel laundering, in which several companies mined without licenses and sold the material to processing plants using documents from other firms. The rising global demand for nickel, particularly for use in electric vehicle batteries, is fueling increased production and potentially illegal activities.

Concurrently, data protection development is advancing in the archive arena, with technologies like nickel nanofiche from the Arch Mission Foundation gaining traction. Although not yet commercialized, this technology represents a potential replacement for tape. It's crucial to consider these multifaceted implications of nickel, both as a cybersecurity threat actor and a key player in global economic and environmental dynamics.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
APT15 | 3 | APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I
Vixen Panda | 2 | Vixen Panda, also known as APT15, Flea, KE3CHANG, Nickel, Playful Dragon, Royal APT, and BackdoorDiplomacy, among other names, is a significant threat actor believed to be sponsored by the Chinese government. The group has been operational since at least 2004, targeting government entities, diplomat
BackdoorDiplomacy | 1 | BackdoorDiplomacy, also known as Playful Taurus, APT15, Vixen Panda, KeChang, and NICKEL, is a threat actor group associated with Chinese cyber espionage campaigns. This group has been particularly active in Africa, targeting high-priority organizations in telecommunications, finance, and government
Playful Taurus | 1 | Playful Taurus is a notable threat actor in the cybersecurity landscape, known for its malicious activities against government and diplomatic entities across North and South America, Africa, and the Middle East. The group continually adapts its tactics and tools, showcasing an evolving strategy that
Kechang | 1 | None
Flea | 1 | Flea, also known as APT15 or Nickel, is a China-linked threat actor primarily targeting foreign affairs ministries in Central and South American countries. The group's latest campaign utilizes a novel backdoor named "Graphican," which is an evolution of their custom backdoor Ketrican. This new backd
Nylon Typhoon | 1 | Nylon Typhoon, previously known as NICKEL, is a threat actor that Microsoft actively monitors due to its malicious cyber activities. This group, originally founded in China, is notorious for executing actions with harmful intent, primarily leveraging exploits against unpatched systems to compromise
Emissary Panda | 1 | Emissary Panda, also known as Iron Tiger, APT27, Budworm, Bronze Union, Lucky Mouse, and Red Phoenix, is a threat actor group associated with malicious cyber activities. The group has been active since at least 2013, targeting various industry verticals across Europe, North and South America, Africa
FIN6 | 1 | FIN6, also known as ITG08, Skeleton Spider, and MageCart, is a notorious threat actor that has been implicated in various cybercrime activities. The group gained notoriety for stealing credit cards through point-of-sale (POS) systems in retail and hospitality establishments, most notably in the Home
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware, Microsoft, APT, Backdoor, Payload, Exploit, Vulnerability, Scam, Spearphishing, Windows, Reconnaissance, SharePoint, Exploits, China, VPN, Indonesia, Australia, Symantec, Espionage, RAT
Associated Malware
ID | Type | Votes | Profile Description
Badbazaar | Unspecified | 2 | BadBazaar is a malicious software (malware) developed by EvilBamboo, a hacker group that primarily targets the Uyghur community in China and abroad, including Turkey and Afghanistan. This malware, along with two others named BADSIGNAL and BADSOLAR, is designed to exploit Android devices through dece
Taurus | Unspecified | 2 | Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal
Neoichor | Unspecified | 1 | Neoichor is a type of malware used by NICKEL for command and control, along with other malware families Leeson, NumbIdea, NullItch, and Rokum. Malware is harmful software that can infect a system through suspicious downloads, emails, or websites and can steal personal information or disrupt operatio
graphican | Unspecified | 1 | Graphican is a novel malware developed by the Chinese threat actor group known as Flea, APT15, or Nickel. The malware, an evolution of the group's custom backdoor Ketrican, has been used in a series of cyber-attacks against foreign affairs ministries across Central and South America between late 202
Ketrican | Unspecified | 1 | Ketrican is a type of malware, or malicious software, that was developed to exploit and damage computer systems. It's associated with the Ke3chang group and is known for its ability to infiltrate systems through suspicious downloads, emails, or websites. Once inside a system, Ketrican can steal pers
Associated Threat Actors
ID | Type | Votes | Profile Description
GALLIUM | Unspecified | 1 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas
NICKEL ACADEMY | Unspecified | 1 | Nickel Academy is a threat actor, known for its malicious campaigns. In November 2017, the North Korean cyber threat group, known as the Lazarus Group, launched a spearphishing campaign using a job opening for a CFO role at a European-based cryptocurrency company as bait. CTU researchers discovered
Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
ZINC | Unspecified | 1 | Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been actively involved in cyberattacks on global media, defense, and IT industries. Microsoft's Threat Intelligence Center has been tracking the group's activities, which have included weaponizing open-source softw
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the NICKEL Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 4 months ago | Senator Wyden Reminds White House Feckless Regulators Have Resulted In Pathetic Security On U.S. Wireless Networks
CERT-EU | 5 months ago | President Biden Should Congratulate Indonesia’s Prabowo Now
CERT-EU | 6 months ago | Data protection in 2023 was all about resilience – Blocks and Files | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 7 months ago | Ten business trends for 2024, and forecasts for 15 industries
CERT-EU | 7 months ago | Pro-China Propaganda, Espionage Tools, Green Illusion: 2023’s Best Investigative Stories from Southeast Asia
CERT-EU | 8 months ago | TransAlta and BHP Announce Commercial Operation of Innovative Hybrid Renewables Facility to Power Remote Mining Operations in Western Australia
CERT-EU | 8 months ago | Techrights — Links 19/11/2023: More Trouble in Microsoft's 'Open'AI and Amazon's Listening Devices
CERT-EU | 8 months ago | Indonesia’s Jokowi Urges Biden to ‘Do More’ to Halt Gaza Atrocities
CERT-EU | 8 months ago | Indonesian President Widodo urges Biden to 'do more' to stop Gaza 'atrocities'
CERT-EU | 8 months ago | Indonesia and US set to upgrade ties as Biden meets Widodo, say Washington officials
CERT-EU | 9 months ago | Domain of Thrones: Part I
CERT-EU | 9 months ago | Australia, US leaders to discuss Pacific infrastructure, critical minerals
DARKReading | 9 months ago | A Frontline Report of Chinese Threat Actor Tactics and Techniques
CERT-EU | 10 months ago | Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
CERT-EU | 10 months ago | Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
CERT-EU | 10 months ago | Update your iPhone now to patch a major 'Pegasus' vulnerability
CERT-EU | a year ago | BadBazaar: Chinese Spyware Shams Signal, Telegram Apps
DARKReading | a year ago | Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps
CERT-EU | a year ago | Leftover Links 21/08/2023: Education Crisis and Demise of Robotaxis
CERT-EU | a year ago | New database quantifies materials needed to meet big clean energy goals