Trusted Design

Volt Typhoon

G1017 · MITRE Pageへのリンク

脅威アクターの詳細

[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021 primarily targeting critical infrastructure organizations in the US and its territories including Guam. [Volt Typhoon](https://attack.mitre.org/groups/G1017)'s targeting and pattern of behavior have been assessed as pre-positioning to enable lateral movement to operational technology (OT) assets for potential destructive or disruptive attacks. [Volt Typhoon](https://attack.mitre.org/groups/G1017) has emphasized stealth in operations using web shells, living-off-the-land (LOTL) binaries, hands on keyboard activities, and stolen credentials.(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024)(Citation: Microsoft Volt Typhoon May 2023)(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023)(Citation: Secureworks BRONZE SILHOUETTE May 2023)

別名・別称

Volt Typhoon
BRONZE SILHOUETTE
Vanguard Panda
DEV-0391
UNC3236
Voltzite
Insidious Taurus

利用した攻撃手法

• T1560.001 - Archive via Utility
• T1047 - Windows Management Instrumentation
• T1113 - Screen Capture
• T1033 - System Owner/User Discovery
• T1592 - Gather Victim Host Information
• T1056.001 - Keylogging
• T1006 - Direct Volume Access
• T1133 - External Remote Services
• T1016.001 - Internet Connection Discovery
• T1584.008 - Network Devices
• T1069 - Permission Groups Discovery
• T1594 - Search Victim-Owned Websites
• T1074.001 - Local Data Staging
• T1036.005 - Match Legitimate Resource Name or Location
• T1036.008 - Masquerade File Type
• T1087.002 - Domain Account
• T1573.001 - Symmetric Cryptography
• T1087.001 - Local Account
• T1497.001 - System Checks
• T1069.002 - Domain Groups
• T1588.006 - Vulnerabilities
• T1007 - System Service Discovery
• T1120 - Peripheral Device Discovery
• T1590.004 - Network Topology
• T1070.007 - Clear Network Connection History and Configurations
• T1584.003 - Virtual Private Server
• T1005 - Data from Local System
• T1140 - Deobfuscate/Decode Files or Information
• T1190 - Exploit Public-Facing Application
• T1555 - Credentials from Password Stores
• T1552 - Unsecured Credentials
• T1218 - System Binary Proxy Execution
• T1010 - Application Window Discovery
• T1589 - Gather Victim Identity Information
• T1112 - Modify Registry
• T1555.003 - Credentials from Web Browsers
• T1505.003 - Web Shell
• T1217 - Browser Information Discovery
• T1552.004 - Private Keys
• T1070.001 - Clear Windows Event Logs
• T1003.001 - LSASS Memory
• T1589.002 - Email Addresses
• T1590.006 - Network Security Appliances
• T1016 - System Network Configuration Discovery
• T1090 - Proxy
• T1083 - File and Directory Discovery
• T1074 - Data Staged
• T1049 - System Network Connections Discovery
• T1584.005 - Botnet
• T1654 - Log Enumeration
• T1057 - Process Discovery
• T1591 - Gather Victim Org Information
• T1059.001 - PowerShell
• T1590 - Gather Victim Network Information
• T1069.001 - Local Groups
• T1593 - Search Open Websites/Domains
• T1588.002 - Tool
• T1090.003 - Multi-hop Proxy
• T1059.004 - Unix Shell
• T1078 - Valid Accounts
• T1068 - Exploitation for Privilege Escalation
• T1587.004 - Exploits
• T1570 - Lateral Tool Transfer
• T1012 - Query Registry
• T1078.002 - Domain Accounts
• T1614 - System Location Discovery
• T1591.004 - Identify Roles
• T1059.003 - Windows Command Shell
• T1070.004 - File Deletion
• T1027.002 - Software Packing
• T1584.004 - Server
• T1018 - Remote System Discovery
• T1046 - Network Service Discovery
• T1518 - Software Discovery
• T1105 - Ingress Tool Transfer
• T1021.001 - Remote Desktop Protocol
• T1596.005 - Scan Databases
• T1003.003 - NTDS
• T1680 - Local Storage Discovery
• T1124 - System Time Discovery
• T1090.001 - Internal Proxy

関連するCVE (攻撃手法に関連)

• CVE-2015-4495 (T1596.005)
• CVE-2015-5749 (T1596.005)
• CVE-2016-1898 (T1587.004)
• CVE-2016-1897 (T1596.005)
• CVE-2015-7261 (T1555)
• CVE-2015-6036 (T1560.001)
• CVE-2015-7262 (T1068)
• CVE-2015-0932 (T1596.005)
• CVE-2010-3081 (T1596.005)
• CVE-2017-16929 (T1596.005)
• CVE-2025-31125 (T1078)
• CVE-2025-68645 (T1596.005)
• CVE-2014-4114 (T1587.004)
• CVE-2017-0143 (T1596.005)
• CVE-2013-3906 (T1587.004)
• CVE-2013-6282 (T1587.004)
• CVE-2025-55182 (T1049)
• CVE-2023-1389 (T1596.005)
• CVE-2025-13928 (T1587.004)
• CVE-2025-24893 (T1596.005)
• CVE-2025-34026 (T1518)
• CVE-2025-55184 (T1049)
• CVE-2015-0071 (T1083)
• CVE-2012-4969 (T1059.003)
• CVE-2014-8361 (T1587.004)
• CVE-2010-2884 (T1059.003)
• CVE-2010-2883 (T1596.005)
• CVE-2012-6422 (T1068)
• CVE-2015-1427 (T1505.003)
• CVE-2015-3456 (T1078)
• CVE-2014-6271 (T1680)
• CVE-2016-1990 (T1068)
• CVE-2014-3153 (T1068)
• CVE-2015-3636 (T1587.004)
• CVE-2010-0232 (T1596.005)
• CVE-2015-1770 (T1021.001)
• CVE-2015-2545 (T1584.005)
• CVE-2014-6332 (T1587.004)
• CVE-2014-6352 (T1587.004)
• CVE-2010-0806 (T1105)
• CVE-2015-5119 (T1587.004)
• CVE-2015-5122 (T1596.005)
• CVE-2012-1856 (T1003.003)
• CVE-2015-7645 (T1587.004)
• CVE-2017-0199 (T1021.001)
• CVE-2015-3043 (T1018)
• CVE-2015-3090 (T1596.005)
• CVE-2015-3113 (T1587.004)
• CVE-2015-2590 (T1068)
• CVE-2015-2424 (T1584.005)
• CVE-2015-0097 (T1584.005)
• CVE-2012-0158 (T1003.003)
• CVE-2014-1761 (T1587.004)
• CVE-2015-2502 (T1596.005)
• CVE-2013-2094 (T1068)
• CVE-2016-1010 (T1596.005)
• CVE-2016-1019 (T1587.004)
• CVE-2016-0984 (T1596.005)
• CVE-2016-1001 (T1596.005)
• CVE-2016-0998 (T1596.005)
• CVE-2015-1641 (T1584.005)
• CVE-2015-1701 (T1012)
• CVE-2015-0313 (T1587.004)
• CVE-2015-0359 (T1018)
• CVE-2015-5130 (T1596.005)
• CVE-2015-5134 (T1596.005)
• CVE-2015-5539 (T1596.005)
• CVE-2015-5557 (T1596.005)
• CVE-2015-5563 (T1596.005)
• CVE-2015-5559 (T1596.005)
• CVE-2015-5540 (T1596.005)
• CVE-2015-5561 (T1596.005)
• CVE-2015-5551 (T1596.005)
• CVE-2015-5564 (T1596.005)
• CVE-2015-5565 (T1596.005)
• CVE-2015-5550 (T1596.005)
• CVE-2015-5566 (T1596.005)
• CVE-2015-5127 (T1596.005)
• CVE-2015-5556 (T1596.005)
• CVE-2015-3628 (T1068)
• CVE-2016-1287 (T1596.005)
• CVE-2015-8286 (T1596.005)
• CVE-2015-8287 (T1596.005)
• CVE-2017-0261 (T1018)
• CVE-2017-0262 (T1018)
• CVE-2016-9494 (T1591.004)
• CVE-2015-0311 (T1587.004)
• CVE-2012-0056 (T1068)
• CVE-2010-3333 (T1046)
• CVE-2015-0336 (T1068)
• CVE-2014-4322 (T1587.004)
• CVE-2015-3105 (T1596.005)
• CVE-2014-0497 (T1083)
• CVE-2013-0074 (T1083)
• CVE-2012-0507 (T1596.005)
• CVE-2014-8439 (T1596.005)
• CVE-2013-2551 (T1587.004)
• CVE-2014-0569 (T1596.005)
• CVE-2014-0515 (T1587.004)
• CVE-2015-0310 (T1587.004)
• CVE-2014-1776 (T1596.005)
• CVE-2014-0556 (T1596.005)
• CVE-2012-1876 (T1083)
• CVE-2015-5560 (T1596.005)
• CVE-2012-2539 (T1584.005)
• CVE-2014-9163 (T1046)
• CVE-2012-1723 (T1596.005)
• CVE-2014-8440 (T1596.005)
• CVE-2010-1297 (T1596.005)
• CVE-2011-3402 (T1587.004)
• CVE-2013-0634 (T1587.004)
• CVE-2014-7247 (T1587.004)
• CVE-2013-2595 (T1068)
• CVE-2015-4902 (T1083)
• CVE-2011-0611 (T1596.005)
• CVE-2013-5990 (T1591)
• CVE-2016-0189 (T1083)
• CVE-2025-55183 (T1596.005)
• CVE-2014-0329 (T1596.005)
• CVE-2016-2343 (T1596.005)
• CVE-2016-6532 (T1003.001)
• CVE-2016-9495 (T1591.004)
• CVE-2014-3393 (T1596.005)
• CVE-2012-4792 (T1105)
• CVE-2014-4148 (T1587.004)
• CVE-2016-1991 (T1068)
• CVE-2016-1562 (T1555.003)
• CVE-2012-1258 (T1046)
• CVE-2013-7331 (T1090.001)
• CVE-2025-54313 (T1589)
• CVE-2014-4113 (T1012)
• CVE-2015-0016 (T1596.005)
• CVE-2014-0322 (T1587.004)
• CVE-2015-0057 (T1068)
• CVE-2015-2360 (T1012)
• CVE-2010-4398 (T1046)
• CVE-2015-2546 (T1068)
• CVE-2015-3785 (T1083)
• CVE-2015-5897 (T1596.005)
• CVE-2015-8562 (T1587.004)
• CVE-2015-6034 (T1068)
• CVE-2015-6022 (T1083)
• CVE-2017-0263 (T1068)
• CVE-2016-9496 (T1591.004)
• CVE-2015-1761 (T1587.004)
• CVE-2013-3660 (T1587.004)
• CVE-2014-6324 (T1078.002)
• CVE-2008-1436 (T1587.004)
• CVE-2014-2273 (T1083)
• CVE-2015-2387 (T1068)
• CVE-2017-0001 (T1068)
• CVE-2025-13335 (T1596.005)
• CVE-2025-13927 (T1078)
• CVE-2026-1102 (T1078)
• CVE-2026-20127 (T1591.004)
• CVE-2016-2342 (T1046)
• CVE-2012-0611 (T1068)
• CVE-2013-2678 (T1587.004)
• CVE-2026-0723 (T1596.005)
• CVE-2015-2852 (T1083)
• CVE-2015-2854 (T1083)
• CVE-2015-2853 (T1083)
• CVE-2012-3213 (T1596.005)
• CVE-2011-3544 (T1596.005)
• CVE-2017-17215 (T1591.004)
• CVE-2013-2465 (T1596.005)
• CVE-2010-0188 (T1059.003)
• CVE-2015-2426 (T1584.005)
• CVE-2014-3897 (T1083)
• CVE-2009-3129 (T1046)
• CVE-2010-2572 (T1059.004)
• CVE-2011-1255 (T1003.003)
• CVE-2017-8570 (T1083)
• CVE-2015-2419 (T1083)
• CVE-2016-4117 (T1587.004)
• CVE-2025-66478 (T1083)
• CVE-2017-12149 (T1654)
• CVE-2010-0738 (T1078)
• CVE-2012-4681 (T1124)
• CVE-2015-7808 (T1068)
• CVE-2010-1553 (T1046)
• CVE-2015-5477 (T1596.005)
• CVE-2013-0641 (T1059.003)
• CVE-2013-0640 (T1059.003)
• CVE-2017-7255 (T1018)
• CVE-2014-7911 (T1596.005)

Actor – Pulse グラフ

---

← 脅威アクター一覧に戻る