Trusted Design

Black Vine: Formidable cyberespionage group

概要

Earlier this year, the second largest health insurance provider in the US publicly disclosed that it had been the victim of a major cyberattack. The attack against Anthem resulted in the largest known healthcare data breach to date, with 80 million patient records exposed. Symantec believes that the attackers behind the Anthem breach are part of a highly resourceful cyberespionage group called Black Vine. The Anthem attack is only one of multiple campaigns that Symantec has attributed to this group. Symantec’s latest whitepaper documents multiple Black Vine operations that have been occurring since 2012. Black Vine’s targets include gas turbine manufacturers, large aerospace and aviation companies, healthcare providers, and more. The group has access to zero-day exploits, most likely obtained through the Elderwood framework, and uses custom-developed back door malware. By connecting multiple Black Vine campaigns, we traced how the attack group has evolved over the last three years.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 8.64
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1588.005 - Exploits
MITREへのリンク →

Sea Turtle

Score: 6.00
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Ember Bear

Score: 13.97
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits
MITREへのリンク →

Indrik Spider

Score: 3.03
Matched TTPs:
  • T1583 - Acquire Infrastructure
MITREへのリンク →

Agrius

Score: 4.50
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Contagious Interview

Score: 16.28
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1681 - Search Threat Vendor Data
  • T1480 - Execution Guardrails
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Sandworm Team

Score: 13.69
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1591.002 - Business Relationships
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Star Blizzard

Score: 3.03
Matched TTPs:
  • T1583 - Acquire Infrastructure
MITREへのリンク →

LAPSUS$

Score: 12.23
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1591.002 - Business Relationships
  • T1213.005 - Messaging Applications
MITREへのリンク →

APT41

Score: 6.25
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Scattered Spider

Score: 11.67
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1538 - Cloud Service Dashboard
  • T1213.005 - Messaging Applications
MITREへのリンク →

TA505

Score: 3.29
Matched TTPs:
  • T1069 - Permission Groups Discovery
MITREへのリンク →

Volt Typhoon

Score: 4.76
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

APT3

Score: 4.78
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

FIN13

Score: 4.76
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

OilRig

Score: 13.35
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

APT28

Score: 19.32
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1137.002 - Office Test
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

Magic Hound

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Medusa Group

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1573.002 - Asymmetric Cryptography
MITREへのリンク →

Storm-0501

Score: 5.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Fox Kitten

Score: 5.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1213.005 - Messaging Applications
MITREへのリンク →

BlackByte

Score: 5.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1480 - Execution Guardrails
MITREへのリンク →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT29

Score: 5.49
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

INC Ransom

Score: 5.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

UNC3886

Score: 7.10
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Dragonfly

Score: 9.96
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1591.002 - Business Relationships
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
MITREへのリンク →

Salt Typhoon

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Gamaredon Group

Score: 11.53
Matched TTPs:
  • T1480 - Execution Guardrails
  • T1001 - Data Obfuscation
  • T1221 - Template Injection
MITREへのリンク →

APT33

Score: 8.37
Matched TTPs:
  • T1552.006 - Group Policy Preferences
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Wizard Spider

Score: 6.88
Matched TTPs:
  • T1552.006 - Group Policy Preferences
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

EXOTIC LILY

Score: 4.02
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Lazarus Group

Score: 10.90
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Confucius

Score: 4.65
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
MITREへのリンク →

Cobalt Group

Score: 4.24
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
MITREへのリンク →

Mustang Panda

Score: 8.37
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Tropic Trooper

Score: 7.39
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1221 - Template Injection
MITREへのリンク →

Inception

Score: 4.65
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
MITREへのリンク →

APT32

Score: 4.24
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Velvet Ant

Score: 6.88
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

RedCurl

Score: 6.59
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

FIN6

Score: 8.02
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

FIN8

Score: 5.49
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

DarkHydrus

Score: 3.15
Matched TTPs:
  • T1221 - Template Injection
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.85
Matched TTPs:
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
  • T1203 - Exploitation for Client Execution
  • T1190 - Exploit Public-Facing Application
  • T1221 - Template Injection
  • T1137.002 - Office Test
MITREへのリンク →

Contagious Interview

Score: 0.67
Matched TTPs:
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1480 - Execution Guardrails
  • T1583 - Acquire Infrastructure
  • T1566.003 - Spearphishing via Service
  • T1681 - Search Threat Vendor Data
MITREへのリンク →

Sandworm Team

Score: 0.63
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1583 - Acquire Infrastructure
  • T1195 - Supply Chain Compromise
  • T1591.002 - Business Relationships
MITREへのリンク →

LAPSUS$

Score: 0.62
Matched TTPs:
  • T1591.002 - Business Relationships
  • T1597.002 - Purchase Technical Data
  • T1213.005 - Messaging Applications
MITREへのリンク →

Ember Bear

Score: 0.61
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1583 - Acquire Infrastructure
  • T1195 - Supply Chain Compromise
  • T1588.005 - Exploits
MITREへのリンク →

OilRig

Score: 0.57
Matched TTPs:
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1573.002 - Asymmetric Cryptography
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
  • T1195 - Supply Chain Compromise
MITREへのリンク →

Scattered Spider

Score: 0.56
Matched TTPs:
  • T1538 - Cloud Service Dashboard
  • T1213.005 - Messaging Applications
  • T1069 - Permission Groups Discovery
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る