【要点】
◎中国の標的型攻撃組織(Actor)
【目次】
概要
【辞書】
◆Ke3chang (ATT&CK)
https://attack.mitre.org/wiki/Group/G0004
【別名】
| 組織名 | 命名組織・名称使用組織 |
|---|---|
| APT15 | FireEye |
| Vixen Panda | Crowdstrike |
| Nickel | Microsoft |
| Ke3chang | ESET |
| KeChang | |
| Mirage | |
| GREF | |
| Playful Dragon | |
| Playful Taurus | |
| Albacore | iDefense |
| Lurid | iDefense |
| Social Network Team | |
| Enfal | |
| Newtcli | |
| Hellsing | |
| RoyalAPT | |
| BackdoorDiplomacy | |
| Flea | Symantec |
【作戦】
| 作戦名 | 備考 |
|---|---|
| Operation Ke3chang |
【最新情報】
◆Chinese APT15 hackers resurface with new Graphican malware (BleepingComputer, 2023/06/21 06:00)
[中国のAPT15ハッカーが新たなGraphicanマルウェアで再登場]
https://www.bleepingcomputer.com/news/security/chinese-apt15-hackers-resurface-with-new-graphican-malware/
⇒ https://malware-log.hatenablog.com/entry/2023/06/21/000000
◆Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries (Symantec, 2023/06/21)
[Graphican: Flea 外国省庁を標的にした攻撃で新たなバックドアを使用]Backdoor leverages Microsoft Graph API for C&C communication.
[バックドアはC&C通信にMicrosoft Graph APIを活用]https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15
⇒ https://malware-log.hatenablog.com/entry/2023/06/21/000000_1
記事
【ニュース】
■2018年
◆APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS (nccgroup, 2018/03/10)
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/
⇒ https://malware-log.hatenablog.com/entry/2018/03/10/000000
◆China-Linked APT15 used new backdoors in attack against UK Government’s service provider (Security Affairs, 2018/03/12)
http://securityaffairs.co/wordpress/70140/hacking/apt15-uk-gov-contractor.html
⇒ https://malware-log.hatenablog.com/entry/2018/03/12/000000_4
◆CHINA-LINKED APT15 USED MYRIAD OF NEW TOOLS TO HACK UK GOVERNMENT CONTRACTOR (threatpost, 2018/03/13 12:16)
https://threatpost.com/china-linked-apt15-used-myriad-of-new-tools-to-hack-uk-government-contractor/130376/
⇒ https://malware-log.hatenablog.com/entry/2018/03/13/000000_4
■2019年
◆Ancient ICEFOG APT malware spotted again in new wave of attacks (ZDNet, 2019/06/07 15:30)
ICEFOG malware resurfaces in the arsenal of multiple Chinese cyber-espionage groups, not just one.
https://www.zdnet.com/article/ancient-icefog-apt-malware-spotted-again-in-new-wave-of-attacks/
⇒ https://malware-log.hatenablog.com/entry/2019/06/07/000000_8
■2020年
◆Connection discovered between Chinese hacker group APT15 and defense contractor (ZDNet, 2020/07/02 01:25)
APT15と中国政府の政府防衛請負業者の間に関係
https://www.zdnet.com/article/connection-discovered-between-chinese-hacker-group-apt15-and-defense-contractor/
⇒ https://malware-log.hatenablog.com/entry/2020/07/02/000000_6
■2023年
◆Chinese APT15 hackers resurface with new Graphican malware (BleepingComputer, 2022/06/21 06:00)
[中国のAPT15ハッカーが新たなGraphicanマルウェアで再登場]
https://www.bleepingcomputer.com/news/security/chinese-apt15-hackers-resurface-with-new-graphican-malware/
⇒ https://malware-log.hatenablog.com/entry/2023/06/21/000000
◆Chinese APT15 hackers resurface with new Graphican malware (BleepingComputer, 2022/06/21 06:00)
[中国のAPT15ハッカーが新たなGraphicanマルウェアで再登場]
https://www.bleepingcomputer.com/news/security/chinese-apt15-hackers-resurface-with-new-graphican-malware/
⇒ https://malware-log.hatenablog.com/entry/2023/06/21/000000
【ブログ】
■2011年
◆Trend Micro Exposes LURID APT (Trendmicro, 2011/09/22)
https://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-exposes-lurid-apt/
⇒ https://malware-log.hatenablog.com/entry/2018/03/10/000000
■2019年
◆Okrum: Ke3chang group targets diplomatic missions (Welivesecurity(ESET), 2019/07/18 11:30)
https://www.welivesecurity.com/2019/07/18/okrum-ke3chang-targets-diplomatic-missions/
⇒ https://malware-log.hatenablog.com/entry/2019/07/18/000000_11
■2023年
◆中国の持続的標的型攻撃グループPlayful Taurusによるイランでの活動 (UNIT42(Paloalto), 2023/01/18 11:19)
https://unit42.paloaltonetworks.jp/playful-taurus/
⇒ https://malware-log.hatenablog.com/entry/2023/01/18/000000_3
【資料】
■2020年
◆Mobile APT Surveillance Campaigns Targeting Uyghurs (Lookout, 2020/06)
A collection of long-running Android tooling connected to a Chinese mAPT actor
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf
⇒ https://malware-log.hatenablog.com/entry/2020/06/30/000000_8
【検索】
google: APT15
google: APT15 Malware
google: Vixen Panda
google: Nickel
google: Ke3chang
google:news: APT15
google:news: Vixen Panda
google:news: Nickel
google:news: Ke3chang
google: site:virustotal.com APT15
google: site:virustotal.com Vixen Panda
google: site:virustotal.com Nickel
google: site:virustotal.com Ke3chang
■Bing
https://www.bing.com/search?q=APT15
https://www.bing.com/search?q=APT15%20Malware
https://www.bing.com/search?q=Vixen%20Panda
https://www.bing.com/search?q=Nickel
https://www.bing.com/search?q=Ke3chang
https://www.bing.com/news/search?q=APT15
https://www.bing.com/news/search?q=Vixen%20Panda
https://www.bing.com/news/search?q=Nickel
https://www.bing.com/news/search?q=Ke3chang
https://twitter.com/search?q=%23APT15
https://twitter.com/search?q=%23Vixen%20Panda
https://twitter.com/search?q=%23Nickel
https://twitter.com/search?q=%23Ke3chang
https://twitter.com/hashtag/APT15
https://twitter.com/hashtag/Vixen%20Panda
https://twitter.com/hashtag/Nickel
https://twitter.com/hashtag/Ke3chang
【IoT情報】
◆APT15 (2018/03/10)
https://ioc.hatenablog.com/entry/2018/03/10/000000
関連情報
【関連まとめ記事】
◆標的型攻撃組織 / APT (まとめ)
https://malware-log.hatenablog.com/entry/APT
