Playful Dragon

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
Playful Dragon, also known as APT15, Ke3chang, Mirage, Vixen Panda, GREF, Flea, Nickel, and Royal APT, is a notable threat actor in the cybersecurity sphere. This group has been identified by cybersecurity professionals as being behind numerous malicious activities with a history of targeting government entities, diplomatic missions, and embassies. Their actions are believed to be primarily focused on intelligence gathering, posing significant risks to national security and sensitive information. In recent years, Playful Dragon's activities have broadened to include attacks against diplomatic organizations, government organizations, and non-governmental organizations (NGOs). Their modus operandi involves the use of sophisticated backdoor exploits for unauthorized access and control over targeted systems. Symantec researchers detailed these activities in a blog post on June 21, highlighting the group's evolving tactics and persistent threat. Last June, an incident involving a new exploit named Backdoor.Graphican was reported. This backdoor was used by Playful Dragon against foreign affairs ministries in the Americas, marking a resurgence of the group's activities. The attack underscores the ongoing threat posed by this group, emphasizing the need for increased vigilance and robust cybersecurity measures among potential target organizations.
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
APT15
2
APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I
Ke3chang
1
Ke3chang, also known as APT15, Mirage, Vixen Panda GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Vixen Panda GrefUnspecified
1
None
Source Document References
Information about the Playful Dragon Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
2 months ago
Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft
DARKReading
a year ago
20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks
MITRE
a year ago
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones - Intezer
MITRE
a year ago
APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS