Cyber Resilience

Threat actor · all actors

Ke3changG0004 state

🇨🇳 CN

aka Ke3chang, APT15, Mirage, Vixen Panda, GREF, Playful Dragon, RoyalAPT, NICKEL, Nylon Typhoon, Metushy, Lurid, Social Network Team, Royal APT, BRONZE PALACE, BRONZE DAVENPORT, BRONZE IDLEWOOD, G0004, Red Vulture

Last updated: 2026-07-03

1attributed CVEs
63ATT&CK techniques
3.2IDF score (tooling uniqueness)
0exclusive CVEs
2026years active

About this actor

[Ke3chang](https://attack.mitre.org/groups/G0004) is a threat group attributed to actors operating out of China. [Ke3chang](https://attack.mitre.org/groups/G0004) has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean, Europe, and North America since at least 2010.(Citation: Mandiant Operation Ke3chang November 2014)(Citation: NCC Group APT15 Alive and Strong)(Citation: APT15 Intezer June 2018)(Citation: Microsoft NICKEL December 2021)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-21236 5.57.80.00422026-02-10see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-436 / 6357%
CM-633 / 6352%
CM-230 / 6348%
AC-329 / 6346%
AC-225 / 6340%
AC-625 / 6340%
CM-725 / 6340%
CA-723 / 6337%
SI-323 / 6337%
IA-222 / 6335%
AC-519 / 6330%
CM-519 / 6330%
SI-718 / 6329%
AC-414 / 6322%
IA-513 / 6321%

Co-occurring actors

Similar actors

Overlapping CVEs

Same nation-state