Vixen Panda

Threat Actor updated 4 months ago (2024-05-04T18:38:42.038Z)
Download STIX
Preview STIX
Vixen Panda, also known as APT15, Flea, KE3CHANG, Nickel, Playful Dragon, Royal APT, and BackdoorDiplomacy, among other names, is a significant threat actor believed to be sponsored by the Chinese government. The group has been operational since at least 2004, targeting government entities, diplomatic missions, and embassies globally for likely intelligence-gathering purposes. The group's advanced persistent threat activities have given them a reputation within the cybersecurity community, highlighting their potential for causing substantial damage to their victims. The group has been associated with a malware called BadBazaar, which has been attributed to APT15 by several vendors. This malware poses a significant risk due to its sophisticated design and the potential for high-impact breaches. It's part of the arsenal that enables Vixen Panda to execute their malicious operations effectively, further emphasizing the severity of the threat they pose to security systems worldwide. Jai Vijayan, a well-respected voice in the cybersecurity community, has provided additional clarity on the matter, confirming the link between BadBazaar and Vixen Panda. This connection underscores the importance of understanding the various identities under which this threat actor operates. Given the potential for significant impact on victims, it is crucial for organizations, particularly those in government and diplomatic sectors, to remain vigilant against threats from Vixen Panda and similar groups.
Description last updated: 2023-10-10T19:03:10.148Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
NICKEL
2
Nickel is a notable threat actor in the cybersecurity landscape, associated with several nation-state affiliated groups such as FIN6, APT15, BackdoorDiplomacy, Vixen Panda, and Emissary Panda. This group has been actively targeting critical Active Directory assets, notably the NTDS.dit file, the KRB
APT15
2
APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
BadbazaarUnspecified
2
BadBazaar is a malicious software, or malware, employed by EvilBamboo, a threat actor group. This malware is part of three Android spyware families developed by the group, including BADBAZAAR, BADSIGNAL, and BADSOLAR. These are custom-built to target adversaries of the Chinese Communist Party (CCP).
Source Document References
Information about the Vixen Panda Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
BadBazaar: Chinese Spyware Shams Signal, Telegram Apps
DARKReading
a year ago
Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps
CERT-EU
a year ago
China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor
CERT-EU
a year ago
Chinese Hackers APT15 Use New Backdoor Malware to Target American Ministries
CERT-EU
a year ago
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
CERT-EU
a year ago
Flea APT’s latest campaign targets foreign affairs ministries with new Graphican backdoor
CERT-EU
a year ago
В кибератаке на МИД Словении подозревают хакеров из Китая