Trusted Design

Stealthy Cyberespionage Campaign Attacks With Social Engineering

Overview

The McAfee Labs research team has tracked an advanced persistent threat group for the past couple of months. The group has evolved considerably in sophistication and in the evasion techniques it uses to defeat detection by security products. It has been active since at least 2014 and uses spear-phishing campaigns to target enterprises. We have observed it targeting defense, aerospace, and legal-sector companies.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this pulse (fact-based)

Note that several matched IDs below are deprecated or revoked in current ATT&CK and resolve to newer techniques (for example T1193 Spearphishing Attachment is now T1566.001, T1065 Uncommonly Used Port is now T1571 Non-Standard Port, and T1024 Custom Cryptographic Protocol was merged into T1573 Encrypted Channel).

LAPSUS$

Score: 31.75
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1619 - Cloud Storage Object Discovery
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1548.006 - TCC Manipulation

Contagious Interview

Score: 27.99
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver

Ember Bear

Score: 9.47
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32

Sandworm Team

Score: 40.70
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation

Volt Typhoon

Score: 34.48
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation

APT28

Score: 42.97
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1139 - Bash History
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1548.006 - TCC Manipulation
  • T1566.003 - Spearphishing via Service

ZIRCONIUM

Score: 12.98
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1197 - BITS Jobs

Leviathan

Score: 21.30
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1055.014 - VDSO Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32

Mustard Tempest

Score: 10.52
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1543.002 - Systemd Service

Silent Librarian

Score: 5.74
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link

Kimsuky

Score: 52.98
Matched TTPs:
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1152 - Launchctl
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1526 - Cloud Service Discovery

EXOTIC LILY

Score: 13.47
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target

FIN13

Score: 6.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1548.006 - TCC Manipulation

Moonstone Sleet

Score: 14.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

Lazarus Group

Score: 13.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

OilRig

Score: 18.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1547.008 - LSASS Driver

UNC3886

Score: 7.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1218.010 - Regsvr32

LuminousMoth

Score: 3.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service

APT29

Score: 13.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Play

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32

RedCurl

Score: 4.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link

Turla

Score: 9.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File

Ke3chang

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1548.006 - TCC Manipulation

Mustang Panda

Score: 24.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1526 - Cloud Service Discovery
  • T1548.006 - TCC Manipulation

FIN7

Score: 17.87
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1065 - Uncommonly Used Port

BlackTech

Score: 6.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery

MuddyWater

Score: 8.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Confucius

Score: 5.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

Sidewinder

Score: 12.64
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Elderwood

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Transparent Tribe

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

FIN8

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery

APT32

Score: 8.29
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

APT33

Score: 7.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.001 - Exfiltration to Code Repository
  • T1218.010 - Regsvr32

Magic Hound

Score: 22.93
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver

Windshift

Score: 7.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

TA2541

Score: 4.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target

Earth Lusca

Score: 7.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File

Storm-1811

Score: 16.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver

Wizard Spider

Score: 11.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.001 - Exfiltration to Code Repository
  • T1526 - Cloud Service Discovery
  • T1548.006 - TCC Manipulation

TA577

Score: 4.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol

Patchwork

Score: 6.27
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

LazyScripter

Score: 4.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target

APT42

Score: 4.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1030 - Data Transfer Size Limits

Scattered Spider

Score: 22.06
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1548.006 - TCC Manipulation

Star Blizzard

Score: 12.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication

CURIUM

Score: 9.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver

Dragonfly

Score: 14.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation

Saint Bear

Score: 7.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits

Tropic Trooper

Score: 5.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

FIN6

Score: 5.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver

BRONZE BUTLER

Score: 5.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

menuPass

Score: 3.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1548.006 - TCC Manipulation

Threat Group-3390

Score: 5.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery

Gamaredon Group

Score: 6.51
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking

Inception

Score: 5.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

APT41

Score: 11.87
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation

Winter Vivern

Score: 4.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.001 - Compiled HTML File

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History

SideCopy

Score: 7.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1159 - Launch Agent

Andariel

Score: 6.21
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

IndigoZebra

Score: 5.55
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target

HEXANE

Score: 12.66
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1055.014 - VDSO Hijacking
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

HAFNIUM

Score: 12.51
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1548.006 - TCC Manipulation

Axiom

Score: 8.40
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32

INC Ransom

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Medusa Group

Score: 6.88
Matched TTPs:
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1548.006 - TCC Manipulation

Sea Turtle

Score: 4.78
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall

Chimera

Score: 5.78
Matched TTPs:
  • T1592.003 - Firmware
  • T1548.006 - TCC Manipulation

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1566.003 - Spearphishing via Service

Threat actors related to this pulse (inference-based)

Kimsuky

Score: 0.82
Matched TTPs:
  • T1114 - Email Collection
  • T1552.003 - Shell History
  • T1024 - Custom Cryptographic Protocol
  • T1598.003 - Spearphishing Link
  • T1055.014 - VDSO Hijacking
  • T1030 - Data Transfer Size Limits
  • T1526 - Cloud Service Discovery
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1690 - Prevent Command History Logging
  • T1606.002 - SAML Tokens
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1683.001 - Written Content
  • T1102.003 - One-Way Communication
  • T1057 - Process Discovery
  • T1152 - Launchctl
  • T1197 - BITS Jobs
  • T1566.002 - Spearphishing Link

APT28

Score: 0.71
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1685.001 - Disable or Modify Windows Event Log
  • T1548.006 - TCC Manipulation
  • T1139 - Bash History
  • T1608.005 - Link Target
  • T1592.003 - Firmware
  • T1146 - Clear Command History
  • T1057 - Process Discovery
  • T1152 - Launchctl
  • T1197 - BITS Jobs
  • T1566.002 - Spearphishing Link
  • T1566.003 - Spearphishing via Service

Sandworm Team

Score: 0.68
Matched TTPs:
  • T1114 - Email Collection
  • T1564.008 - Email Hiding Rules
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation
  • T1187 - Forced Authentication
  • T1193 - Spearphishing Attachment
  • T1543.003 - Windows Service
  • T1049 - System Network Connections Discovery
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1005 - Data from Local System
  • T1102.003 - One-Way Communication
  • T1566.002 - Spearphishing Link

Volt Typhoon

Score: 0.58
Matched TTPs:
  • T1114 - Email Collection
  • T1159 - Launch Agent
  • T1065 - Uncommonly Used Port
  • T1164 - Re-opened Applications
  • T1685.001 - Disable or Modify Windows Event Log
  • T1548.006 - TCC Manipulation
  • T1049 - System Network Connections Discovery
  • T1574.002 - DLL Side-Loading
  • T1102.003 - One-Way Communication
  • T1057 - Process Discovery

Related CVEs

No CVEs were found for this pulse.
