Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to threat actors
China

Nylon Typhoon

APT15 is a China-nexus (PRC/MSS-linked) cyberespionage threat actor, also referred to as Ke3chang. In the provided content, APT15 is specifically associated with the use of steganographic techniques in operations (noted alongside other MSS-linked APTs) and is referenced in reporting on exploitation of Fortinet FortiOS SSL VPN vulnerabilities. Fortinet reporting cited APT15 (Ke3chang) as one of the Chinese threat groups exploiting older Fortinet SSL VPN flaws (CVE-2022-42475 and CVE-2023-27997), indicating a capability and interest in leveraging edge-device vulnerabilities for initial access. No additional high-confidence details on APT15’s specific victimology, malware families, or sub-groups are directly provided in the content beyond these associations.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app
techrepublic com securityNews
Nov 7, 2025
Crowdstrike: AI Accelerating Ransomware Attacks Across Europe

Vixen Panda is a China-nexus group targeting cloud infrastructure to steal intellectual property from European organizations.

Read more
dark readingNews
Oct 6, 2025
Chinese Gov't Fronts Trick the West to Obtain Cyber Tech

APT15 has used steganography to hide malware inside image files, facilitating covert cyber operations.

Read more
dark readingNews
Jun 9, 2025
China-Backed Hackers Target SentinelOne in 'PurpleHaze' Attack Spree

APT15 is a China-backed threat actor known for cyber-espionage campaigns targeting government entities, foreign ministries, and high-value organizations. Recently, it has been involved in attacks against cybersecurity vendors and other sectors using malware such as ShadowPad and GOREshell.

Read more
hackreadNews
Jun 9, 2025
Chinese-Linked Hackers Targeted 70+ Global Organizations, SentinelLABS

APT15 is a Chinese cyber espionage group linked to the PurpleHaze campaign, involved in targeting global organizations for intelligence gathering.

Read more
+4 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.