Chinese Threat Group Targets Diplomatic Missions
The Ke3chang cyberespionage group (aka APT15, Mirage, Playful Dragon or Vixen Panda) has been tied to a backdoor called Okrum that is used against diplomatic missions throughout Europe and Latin America. Ke3chang first surfaced in 2010 and was known to deploy customised malware like Ketrican backdoors and Royal DNS. The group has continued to improve its toolset with the addition of the Okrum backdoor, which was observed fetching Ketrican samples during an espionage campaign in 2017. Okrum is equipped with only a basic set of backdoor commands; for most of its malicious activity it relies on operators manually typing shell commands and executing external tools.