Government

Chinese Threat Group Targets Diplomatic Missions

16 - 23 July 2019

The Ke3chang cyberespionage group (aka APT15, Mirage, Playful Dragon or Vixen Panda) has been tied to a backdoor called Okrum that is used against diplomatic missions throughout Europe and Latin America. Ke3chang first surfaced in 2010 and is known for deploying customised malware such as the Ketrican backdoors and Royal DNS. The group has continued to improve its toolset with the addition of the Okrum backdoor, which was observed fetching Ketrican samples during an espionage campaign in 2017. Okrum is equipped with only a basic set of backdoor commands and relies on manually typed shell commands and the execution of external tools for most of its malicious activity.

References:

Okrum and Ketrican: An Overview of Recent Ke3chang Group Activity (PDF)
