Nylon Typhoon (formerly NICKEL) uses exploits against unpatched systems to compromise remote access services and appliances. Upon successful intrusion, they have used credential dumpers or stealers to obtain legitimate credentials, which they then used to gain access to victim accounts and to higher-value systems. Nylon Typhoon actors have been observed creating and deploying custom malware that allowed them to maintain persistence on victim networks over extended periods of time.
Nation State Actor
Nylon Typhoon
Also known as:
APT15, Vixen Panda
Industries targeted:
Government agencies and services
Diplomatic organizations
Non-government organizations
Country of origin:
China
Countries targeted:
Central America
Europe
North America
South America
The Caribbean