Trusted Design

Terracotta VPN: Enabler of Advanced Threat Anonymity

概要

Today, RSA Research published an in-depth report on a commercial VPN network, originating in China, which we are calling “Terracotta”. It is being used as a launch platform for APT actors including the now well-known Shell_Crew / Deep Panda group. Terracotta’s network of 1500+ VPN nodes throughout the world are primarily obtained by hacking into inadequately protected Windows servers in legitimate organizations, without the victim’s knowledge or permission. New nodes are continually added as new victims are enlisted, and they are unpublished outside of the Terracotta user-base.

Created: 2026-02-23

Indicators

類似Pulses

Evasive Maneuvers by Wekby with Rop-packing, DNS Covert Channels (score: 0.61)
Cyberghost VPN endpoints (score: 0.58)
Attack Gains Foothold Against East Asian Government (score: 0.56)
PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020 (score: 0.56)
Uncovering Bunitu’s Secrets (score: 0.55)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 6.72

Matched TTPs:

T1583 - Acquire Infrastructure
T1588.002 - Tool
T1680 - Local Storage Discovery

MITREへのリンク →

Sea Turtle

Score: 10.65

Matched TTPs:

T1583 - Acquire Infrastructure
T1583.003 - Virtual Private Server
T1199 - Trusted Relationship
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Ember Bear

Score: 11.18

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1583.003 - Virtual Private Server
T1203 - Exploitation for Client Execution

MITREへのリンク →

Indrik Spider

Score: 5.87

Matched TTPs:

T1583 - Acquire Infrastructure
T1584.004 - Server

MITREへのリンク →

Agrius

Score: 3.03

Matched TTPs:

T1583 - Acquire Infrastructure

MITREへのリンク →

Contagious Interview

Score: 6.41

Matched TTPs:

T1583 - Acquire Infrastructure
T1583.003 - Virtual Private Server
T1588.002 - Tool

MITREへのリンク →

Sandworm Team

Score: 16.82

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

Star Blizzard

Score: 3.88

Matched TTPs:

T1583 - Acquire Infrastructure
T1588.002 - Tool

MITREへのリンク →

APT28

Score: 20.41

Matched TTPs:

T1110.001 - Password Guessing
T1583.003 - Virtual Private Server
T1199 - Trusted Relationship
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1550.001 - Application Access Token
T1669 - Wi-Fi Networks

MITREへのリンク →

APT29

Score: 9.22

Matched TTPs:

T1110.001 - Password Guessing
T1199 - Trusted Relationship
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustard Tempest

Score: 9.08

Matched TTPs:

T1583.008 - Malvertising
T1608.006 - SEO Poisoning

MITREへのリンク →

Volt Typhoon

Score: 12.38

Matched TTPs:

T1584.003 - Virtual Private Server
T1049 - System Network Connections Discovery
T1588.002 - Tool
T1584.004 - Server
T1680 - Local Storage Discovery

MITREへのリンク →

Turla

Score: 9.55

Matched TTPs:

T1584.003 - Virtual Private Server
T1049 - System Network Connections Discovery
T1588.002 - Tool
T1584.004 - Server

MITREへのリンク →

Winter Vivern

Score: 7.06

Matched TTPs:

T1056.003 - Web Portal Capture
T1583.003 - Virtual Private Server

MITREへのリンク →

Gamaredon Group

Score: 3.37

Matched TTPs:

T1583.003 - Virtual Private Server
T1588.002 - Tool

MITREへのリンク →

LAPSUS$

Score: 6.12

Matched TTPs:

T1583.003 - Virtual Private Server
T1199 - Trusted Relationship
T1588.002 - Tool

MITREへのリンク →

Axiom

Score: 8.55

Matched TTPs:

T1583.003 - Virtual Private Server
T1203 - Exploitation for Client Execution
T1001.002 - Steganography

MITREへのリンク →

Dragonfly

Score: 7.70

Matched TTPs:

T1583.003 - Virtual Private Server
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

APT42

Score: 6.12

Matched TTPs:

T1583.003 - Virtual Private Server
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

HAFNIUM

Score: 9.40

Matched TTPs:

T1583.003 - Virtual Private Server
T1199 - Trusted Relationship
T1550.001 - Application Access Token

MITREへのリンク →

menuPass

Score: 5.33

Matched TTPs:

T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1588.002 - Tool

MITREへのリンク →

TeamTNT

Score: 4.57

Matched TTPs:

T1049 - System Network Connections Discovery
T1680 - Local Storage Discovery

MITREへのリンク →

Andariel

Score: 3.23

Matched TTPs:

T1049 - System Network Connections Discovery
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustang Panda

Score: 7.92

Matched TTPs:

T1049 - System Network Connections Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

APT3

Score: 3.23

Matched TTPs:

T1049 - System Network Connections Discovery
T1203 - Exploitation for Client Execution

MITREへのリンク →

Velvet Ant

Score: 4.48

Matched TTPs:

T1049 - System Network Connections Discovery
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

OilRig

Score: 6.82

Matched TTPs:

T1049 - System Network Connections Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

ToddyCat

Score: 4.57

Matched TTPs:

T1049 - System Network Connections Discovery
T1680 - Local Storage Discovery

MITREへのリンク →

Chimera

Score: 5.42

Matched TTPs:

T1049 - System Network Connections Discovery
T1588.002 - Tool
T1680 - Local Storage Discovery

MITREへのリンク →

MuddyWater

Score: 4.08

Matched TTPs:

T1049 - System Network Connections Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

admin@338

Score: 3.23

Matched TTPs:

T1049 - System Network Connections Discovery
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT41

Score: 4.08

Matched TTPs:

T1049 - System Network Connections Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 4.08

Matched TTPs:

T1049 - System Network Connections Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Earth Lusca

Score: 5.42

Matched TTPs:

T1049 - System Network Connections Discovery
T1588.002 - Tool
T1584.004 - Server

MITREへのリンク →

Tropic Trooper

Score: 8.81

Matched TTPs:

T1049 - System Network Connections Discovery
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1680 - Local Storage Discovery

MITREへのリンク →

Lazarus Group

Score: 13.59

Matched TTPs:

T1049 - System Network Connections Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1584.004 - Server
T1680 - Local Storage Discovery

MITREへのリンク →

Threat Group-3390

Score: 6.82

Matched TTPs:

T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT33

Score: 6.48

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Wizard Spider

Score: 4.98

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.002 - Tool

MITREへのリンク →

RedCurl

Score: 5.49

Matched TTPs:

T1199 - Trusted Relationship
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

POLONIUM

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1588.002 - Tool

MITREへのリンク →

Medusa Group

Score: 8.13

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1650 - Acquire Access

MITREへのリンク →

FIN8

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

TA2541

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

FIN6

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Patchwork

Score: 5.18

Matched TTPs:

T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

Cobalt Group

Score: 5.09

Matched TTPs:

T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

Higaisa

Score: 8.17

Matched TTPs:

T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1680 - Local Storage Discovery

MITREへのリンク →

Leviathan

Score: 4.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1056.004 - Credential API Hooking

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.81

Matched TTPs:

T1110.001 - Password Guessing
T1583.003 - Virtual Private Server
T1669 - Wi-Fi Networks
T1199 - Trusted Relationship
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1550.001 - Application Access Token

MITREへのリンク →

Sandworm Team

Score: 0.70

Matched TTPs:

T1583 - Acquire Infrastructure
T1584.004 - Server
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1588.002 - Tool
T1491.002 - External Defacement
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lazarus Group

Score: 0.58

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1584.004 - Server
T1049 - System Network Connections Discovery
T1680 - Local Storage Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Volt Typhoon

Score: 0.55

Matched TTPs:

T1584.004 - Server
T1049 - System Network Connections Discovery
T1680 - Local Storage Discovery
T1588.002 - Tool
T1584.003 - Virtual Private Server

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る