Ke3chang
Ke3chang is a threat group attributed to actors operating out of China. Ke3chang has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean, Europe, and North America since at least 2010.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low2.2
Low signal strength
Mentions3
Sources3
High conf.2
Last seenJun 2026
First observed
2017-05-31
Last active
—
Origin
China
Aliases
9
Techniques
46
Campaigns
1
China
Attribution signals
3 mentions · 3 sources#1exploitedhigh
Unspecified
security-affairs
May 2026
"The APT group GREF exploited the flaw as a zero-day in targeted attacks."
#2targetedhigh
Victimology
dark-reading
Jun 2026
"groups such as Vixen Panda, Aquatic Panda, and Liminal Panda have targeted Argentina, Bolivia, Brazil, Chile, Colombia, Ecuador, Peru, Suriname, and Uruguay in 2024 and 2025"
#3linked tomoderate
Infrastructure
recorded-future
May 2026
"In 2021, Insikt Group identified infrastructure previously linked to APT15, a Chinese state-sponsored threat actor targeting a Canada-based mining company focused on mining zinc, copper, and lead."
Hedge terms observed
exploitedlinked totargeted