Trusted Design

Attack Gains Foothold Against East Asian Government

概要

East Asian government agencies came under siege when attackers targeted several servers within their networks. The said attackers, who showed familiarity and in-depth knowledge of their agencies’ network topology, tools, and software, were able to gain access to their targeted servers and install malware. After which, they used the compromised servers not only as gateways to the rest of the network but also as C&C servers. This particular attack has been active since 2014.

Created: 2026-02-23

Indicators

類似Pulses

Digging for groundhogs: holes in your linux server (score: 0.62)
Campaign on the Government of Thailand Delivers Bookworm Trojan (score: 0.61)
Chinese Actors attacks on US Government and EU Media (score: 0.60)
Targeted Attack Distributes PlugX in Russia (score: 0.60)
APT on Taiwan - insight into advances of adversary TTPs (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 12.40

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Sea Turtle

Score: 4.50

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Ember Bear

Score: 7.25

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell

MITREへのリンク →

Indrik Spider

Score: 6.64

Matched TTPs:

T1033 - System Owner/User Discovery
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Agrius

Score: 4.50

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Contagious Interview

Score: 15.51

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1562.010 - Downgrade Attack
T1547.008 - LSASS Driver

MITREへのリンク →

Sandworm Team

Score: 22.99

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1547.002 - Authentication Package
T1075 - Pass the Hash
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

Star Blizzard

Score: 5.01

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media

MITREへのリンク →

APT28

Score: 27.07

Matched TTPs:

T1222.002 - Linux and Mac Permissions
T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1547.002 - Authentication Package
T1146 - Clear Command History
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 13.03

Matched TTPs:

T1222.002 - Linux and Mac Permissions
T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1608.006 - SEO Poisoning
T1547.008 - LSASS Driver

MITREへのリンク →

Earth Lusca

Score: 12.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1218.001 - Compiled HTML File
T1546.016 - Installer Packages

MITREへのリンク →

Mustang Panda

Score: 9.22

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1548.006 - TCC Manipulation

MITREへのリンク →

OilRig

Score: 5.27

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Gamaredon Group

Score: 13.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1562.010 - Downgrade Attack
T1554 - Compromise Host Software Binary
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Threat Group-3390

Score: 11.10

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1059.001 - PowerShell
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BlackByte

Score: 8.06

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1562.010 - Downgrade Attack
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT32

Score: 5.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

HEXANE

Score: 5.15

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Moonstone Sleet

Score: 5.27

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 9.36

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

Volt Typhoon

Score: 11.04

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

FIN13

Score: 4.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

Magic Hound

Score: 7.17

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 13.26

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1598 - Phishing for Information
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

Storm-0501

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code

MITREへのリンク →

Fox Kitten

Score: 7.33

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

Ke3chang

Score: 4.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

menuPass

Score: 7.33

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

Blue Mockingbird

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code

MITREへのリンク →

Winter Vivern

Score: 5.87

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.001 - Compiled HTML File
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Leviathan

Score: 11.96

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1554 - Compromise Host Software Binary
T1027.014 - Polymorphic Code
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

UNC3886

Score: 5.60

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management

MITREへのリンク →

Dragonfly

Score: 10.17

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

Axiom

Score: 9.63

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1160 - Launch Daemon

MITREへのリンク →

APT41

Score: 4.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

HAFNIUM

Score: 8.21

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

MuddyWater

Score: 7.39

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT39

Score: 4.64

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

Wizard Spider

Score: 5.86

Matched TTPs:

T1059.001 - PowerShell
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

Tonto Team

Score: 3.52

Matched TTPs:

T1059.001 - PowerShell
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Turla

Score: 9.63

Matched TTPs:

T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

CURIUM

Score: 6.14

Matched TTPs:

T1218.001 - Compiled HTML File
T1547.008 - LSASS Driver

MITREへのリンク →

TA551

Score: 3.52

Matched TTPs:

T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Cobalt Group

Score: 3.52

Matched TTPs:

T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

WIRTE

Score: 3.52

Matched TTPs:

T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT37

Score: 3.17

Matched TTPs:

T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lazarus Group

Score: 12.66

Matched TTPs:

T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver

MITREへのリンク →

ZIRCONIUM

Score: 7.31

Matched TTPs:

T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1608.006 - SEO Poisoning

MITREへのリンク →

LAPSUS$

Score: 6.47

Matched TTPs:

T1557.002 - ARP Cache Poisoning
T1548.006 - TCC Manipulation

MITREへのリンク →

Scattered Spider

Score: 11.79

Matched TTPs:

T1557.002 - ARP Cache Poisoning
T1027.002 - Software Packing
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

Daggerfly

Score: 3.61

Matched TTPs:

T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-1811

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Windshift

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Ajax Security Team

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Chimera

Score: 3.12

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation

MITREへのリンク →

FIN6

Score: 4.86

Matched TTPs:

T1548.006 - TCC Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82

Matched TTPs:

T1059.001 - PowerShell
T1146 - Clear Command History
T1547.013 - XDG Autostart Entries
T1547.002 - Authentication Package
T1222.002 - Linux and Mac Permissions
T1140 - Deobfuscate/Decode Files or Information
T1566.003 - Spearphishing via Service
T1546.007 - Netsh Helper DLL
T1548.006 - TCC Manipulation

MITREへのリンク →

Sandworm Team

Score: 0.72

Matched TTPs:

T1546.016 - Installer Packages
T1091 - Replication Through Removable Media
T1548.006 - TCC Manipulation
T1547.013 - XDG Autostart Entries
T1033 - System Owner/User Discovery
T1547.002 - Authentication Package
T1049 - System Network Connections Discovery
T1140 - Deobfuscate/Decode Files or Information
T1075 - Pass the Hash

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る