Trusted Design

Attack Gains Foothold Against East Asian Government

概要

East Asian government agencies came under siege when attackers targeted several servers within their networks. The said attackers, who showed familiarity and in-depth knowledge of their agencies’ network topology, tools, and software, were able to gain access to their targeted servers and install malware. After which, they used the compromised servers not only as gateways to the rest of the network but also as C&C servers. This particular attack has been active since 2014.

Created: 2026-02-23

Indicators

類似Pulses

Digging for groundhogs: holes in your linux server (score: 0.62)
Campaign on the Government of Thailand Delivers Bookworm Trojan (score: 0.61)
Chinese Actors attacks on US Government and EU Media (score: 0.60)
Targeted Attack Distributes PlugX in Russia (score: 0.60)
APT on Taiwan - insight into advances of adversary TTPs (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 12.40

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sea Turtle

Score: 4.50

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Ember Bear

Score: 7.25

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services

MITREへのリンク →

Indrik Spider

Score: 6.64

Matched TTPs:

T1583 - Acquire Infrastructure
T1584.004 - Server
T1105 - Ingress Tool Transfer

MITREへのリンク →

Agrius

Score: 4.50

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Contagious Interview

Score: 15.51

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1480 - Execution Guardrails
T1566.003 - Spearphishing via Service

MITREへのリンク →

Sandworm Team

Score: 22.99

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1102.002 - Bidirectional Communication
T1499 - Endpoint Denial of Service
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Star Blizzard

Score: 5.01

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware

MITREへのリンク →

APT28

Score: 27.07

Matched TTPs:

T1110.001 - Password Guessing
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1102.002 - Bidirectional Communication
T1498 - Network Denial of Service
T1105 - Ingress Tool Transfer
T1003.003 - NTDS
T1669 - Wi-Fi Networks
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

APT29

Score: 13.03

Matched TTPs:

T1110.001 - Password Guessing
T1190 - Exploit Public-Facing Application
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure
T1566.003 - Spearphishing via Service

MITREへのリンク →

Earth Lusca

Score: 12.64

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1584.006 - Web Services
T1584.004 - Server

MITREへのリンク →

Mustang Panda

Score: 9.22

Matched TTPs:

T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1003.003 - NTDS

MITREへのリンク →

OilRig

Score: 5.27

Matched TTPs:

T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Gamaredon Group

Score: 13.12

Matched TTPs:

T1608.001 - Upload Malware
T1480 - Execution Guardrails
T1102.003 - One-Way Communication
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer

MITREへのリンク →

Threat Group-3390

Score: 11.10

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1608.002 - Upload Tool
T1210 - Exploitation of Remote Services
T1105 - Ingress Tool Transfer

MITREへのリンク →

BlackByte

Score: 8.06

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1480 - Execution Guardrails
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT32

Score: 5.50

Matched TTPs:

T1608.001 - Upload Malware
T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

HEXANE

Score: 5.15

Matched TTPs:

T1608.001 - Upload Malware
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer

MITREへのリンク →

Moonstone Sleet

Score: 5.27

Matched TTPs:

T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 9.36

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

Volt Typhoon

Score: 11.04

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

FIN13

Score: 4.59

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Magic Hound

Score: 7.17

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 13.26

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1608.002 - Upload Tool
T1650 - Acquire Access
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Storm-0501

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32

MITREへのリンク →

Fox Kitten

Score: 7.33

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Ke3chang

Score: 4.59

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

menuPass

Score: 7.33

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

Blue Mockingbird

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32

MITREへのリンク →

Winter Vivern

Score: 5.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.006 - Web Services
T1105 - Ingress Tool Transfer

MITREへのリンク →

Leviathan

Score: 11.96

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.003 - One-Way Communication
T1218.010 - Regsvr32
T1584.004 - Server
T1105 - Ingress Tool Transfer

MITREへのリンク →

UNC3886

Score: 5.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data

MITREへのリンク →

Dragonfly

Score: 10.17

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Axiom

Score: 9.63

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1001.002 - Steganography

MITREへのリンク →

APT41

Score: 4.59

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

HAFNIUM

Score: 8.21

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

MuddyWater

Score: 7.39

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT39

Score: 4.64

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1659 - Content Injection

MITREへのリンク →

Wizard Spider

Score: 5.86

Matched TTPs:

T1210 - Exploitation of Remote Services
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Tonto Team

Score: 3.52

Matched TTPs:

T1210 - Exploitation of Remote Services
T1105 - Ingress Tool Transfer

MITREへのリンク →

Turla

Score: 9.63

Matched TTPs:

T1584.006 - Web Services
T1102.002 - Bidirectional Communication
T1584.004 - Server
T1105 - Ingress Tool Transfer

MITREへのリンク →

CURIUM

Score: 6.14

Matched TTPs:

T1584.006 - Web Services
T1566.003 - Spearphishing via Service

MITREへのリンク →

TA551

Score: 3.52

Matched TTPs:

T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

Cobalt Group

Score: 3.52

Matched TTPs:

T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

WIRTE

Score: 3.52

Matched TTPs:

T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT37

Score: 3.17

Matched TTPs:

T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer

MITREへのリンク →

Lazarus Group

Score: 12.66

Matched TTPs:

T1102.002 - Bidirectional Communication
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service

MITREへのリンク →

ZIRCONIUM

Score: 7.31

Matched TTPs:

T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure

MITREへのリンク →

LAPSUS$

Score: 6.47

Matched TTPs:

T1578.002 - Create Cloud Instance
T1003.003 - NTDS

MITREへのリンク →

Scattered Spider

Score: 11.79

Matched TTPs:

T1578.002 - Create Cloud Instance
T1538 - Cloud Service Dashboard
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Daggerfly

Score: 3.61

Matched TTPs:

T1584.004 - Server
T1105 - Ingress Tool Transfer

MITREへのリンク →

Storm-1811

Score: 3.30

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Windshift

Score: 3.30

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Ajax Security Team

Score: 3.30

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Chimera

Score: 3.12

Matched TTPs:

T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

FIN6

Score: 4.86

Matched TTPs:

T1003.003 - NTDS
T1566.003 - Spearphishing via Service

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82

Matched TTPs:

T1003.003 - NTDS
T1105 - Ingress Tool Transfer
T1190 - Exploit Public-Facing Application
T1669 - Wi-Fi Networks
T1210 - Exploitation of Remote Services
T1498 - Network Denial of Service
T1211 - Exploitation for Defense Evasion
T1110.001 - Password Guessing
T1102.002 - Bidirectional Communication

MITREへのリンク →

Sandworm Team

Score: 0.72

Matched TTPs:

T1003.003 - NTDS
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1190 - Exploit Public-Facing Application
T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1499 - Endpoint Denial of Service
T1584.005 - Botnet
T1102.002 - Bidirectional Communication

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る