Ke3chang Description

One of the most popular hacking groups, which are believed to hail from China, is the Ke3chang APT (Advanced Persistent Threat). They also are known as APT15. Over time, malware researchers have been keeping a close eye on the activity of the Ke3chang hacking group and have made some interesting discoveries. It appears that APT15’s campaigns carry some significant similarities with those of other Chinese hacking groups, such as similar tactics, almost identical infrastructure and matching payloads. Among these Chinese-based hacking groups are Playful Dragon, GREF, RoyalAPT, Vixen Panda and Mirage. Usually, such close similarities mean one of two things (or both) – certain prominent hackers are members of more than one group, or/and the hacking groups share information and techniques, which are mutually beneficial.

Ke3chang’s Arsenal of Hacking Tools

The Ke3chang hacking group tends to attack industries or individuals of high importance. They are known to have executed attacks against the military and oil industries, as well as diplomats, politicians and various government bodies. The Ke3chang hacking group develops its own hacking tools and carries out its operations using them almost exclusively. Some of the tools in the vast arsenal of the Ke3chang group are TidePool, Ketrican, RoyalDNS, BS2005, Okrum, and others. However, cybersecurity experts have spotted a campaign in which the Ke3chang hacking group utilized a publicly available hacking tool called Mimikatz, which is used for collecting information from the compromised host.

How the Ke3chang Group Carries Out Their Attacks Usually

Back in 2010, the Ke3chang APT got on the map with its infamous campaign against high-ranking politicians in Europe. They also are known to have launched campaigns in South America targeting similar individuals. Usually, the Ke3chang hacking group makes sure to infiltrate a host and collect information about the system, such as software and hardware data. This helps the attackers to decide what would be the most efficient way to continue the operation. Other data also is exfiltrated, such as chat logs, passwords, documents, etc. Then, the attackers may opt to utilize their privileges on the compromised machine and attempt to infiltrate other potentially vulnerable systems connected to the same network.

The Okrum Malware

The gem in the Ke3chang Group’s crown is the Okrum malware. This threat is complex and impressive particularly. The hacking group also uses a rather intricate propagation method – steganography. This technique involves the injecting of the threat’s compromised script into a specifically tailored PNG file.

Usually, the Ke3chang hacking group makes sure to gain persistence in the infected system. This helps them keep the planted threat active for longer periods.

Do You Suspect Your PC May Be Infected with Ke3chang & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Ke3chang as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.