NICKEL

Threat Actor updated 25 days ago (2024-08-14T10:18:13.410Z)
Nickel is a notable threat actor in the cybersecurity landscape, associated with several nation-state affiliated groups such as FIN6, APT15, BackdoorDiplomacy, Vixen Panda, and Emissary Panda. This group has been actively targeting critical Active Directory assets, notably the NTDS.dit file, the KRBTGT service account, and Active Directory certificates. Furthermore, Nickel has been linked to Hyok, a member of the hacking crew known as Andariel (also referred to as APT45, Nickel Hyatt, Onyx Sleet, Silent Chollima, Stonefly, and TDrop2), who is allegedly behind cyberattacks involving a ransomware strain named "Maui," which targeted organizations in the US and Japan as early as 2022.

In parallel, nickel, as a commodity, has seen significant activity in recent years. The prices of nickel and zinc peaked in 2022, but increased production from Indonesia and China is expected to suppress prices moving forward. Indonesia, with its $1.2 trillion economy, is the largest global producer of nickel, much of which is mined and processed by Chinese companies. However, there have been allegations of illegal nickel laundering in Indonesia, where companies are accused of mining without licenses and selling the material to processing plants using documents from other companies.

On the technology front, developments in data protection have been largely focused on archival technologies, with nickel nanofiche being one of several extreme duration technologies favored. Other technologies include glass - Cerabyte and Microsoft’s Project Silica - as well as a 50 TB tape from IBM and a spun-down disk approach from Disk Archive Corp. While the two glass slab technologies are not yet commercially available, they represent potential tape replacement possibilities. Despite these advancements, nickel nanofiche is not being presented as a commercial archiving technology.
Description last updated: 2024-08-14T09:22:04.666Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
APT15 | 3 | APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I
Vixen Panda | 2 | Vixen Panda, also known as APT15, Flea, KE3CHANG, Nickel, Playful Dragon, Royal APT, and BackdoorDiplomacy, among other names, is a significant threat actor believed to be sponsored by the Chinese government. The group has been operational since at least 2004, targeting government entities, diplomat
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Microsoft
Associated Malware
ID | Type | Votes | Profile Description
Badbazaar | Unspecified | 2 | BadBazaar is a malicious software, or malware, employed by EvilBamboo, a threat actor group. This malware is part of three Android spyware families developed by the group, including BADBAZAAR, BADSIGNAL, and BADSOLAR. These are custom-built to target adversaries of the Chinese Communist Party (CCP).
Source Document References
Information about the NICKEL Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source Link (CreatedAt): Title
DARKReading (a month ago): US Offers $10M Reward for Information on North Korean Hacker
CERT-EU (6 months ago): Senator Wyden Reminds White House Feckless Regulators Have Resulted In Pathetic Security On U.S. Wireless Networks
CERT-EU (6 months ago): President Biden Should Congratulate Indonesia’s Prabowo Now
CERT-EU (8 months ago): Data protection in 2023 was all about resilience – Blocks and Files | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): Ten business trends for 2024, and forecasts for 15 industries
CERT-EU (9 months ago): Pro-China Propaganda, Espionage Tools, Green Illusion: 2023’s Best Investigative Stories from Southeast Asia
CERT-EU (10 months ago): TransAlta and BHP Announce Commercial Operation of Innovative Hybrid Renewables Facility to Power Remote Mining Operations in Western Australia
CERT-EU (10 months ago): Techrights — Links 19/11/2023: More Trouble in Microsoft's 'Open'AI and Amazon's Listening Devices
CERT-EU (10 months ago): Indonesia’s Jokowi Urges Biden to ‘Do More’ to Halt Gaza Atrocities
CERT-EU (10 months ago): Indonesian President Widodo urges Biden to 'do more' to stop Gaza 'atrocities'
CERT-EU (10 months ago): Indonesia and US set to upgrade ties as Biden meets Widodo, say Washington officials
CERT-EU (10 months ago): Domain of Thrones: Part I
CERT-EU (10 months ago): Australia, US leaders to discuss Pacific infrastructure, critical minerals
DARKReading (a year ago): A Frontline Report of Chinese Threat Actor Tactics and Techniques
CERT-EU (a year ago): Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
CERT-EU (a year ago): Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
CERT-EU (a year ago): Update your iPhone now to patch a major 'Pegasus' vulnerability
CERT-EU (a year ago): BadBazaar: Chinese Spyware Shams Signal, Telegram Apps
DARKReading (a year ago): Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps
CERT-EU (a year ago): Leftover Links 21/08/2023: Education Crisis and Demise of Robotaxis