Trusted Design

Terracotta VPN: Enabler of Advanced Threat Anonymity

概要

Today, RSA Research published an in-depth report on a commercial VPN network, originating in China, which we are calling “Terracotta”. It is being used as a launch platform for APT actors including the now well-known Shell_Crew / Deep Panda group. Terracotta’s network of 1500+ VPN nodes throughout the world are primarily obtained by hacking into inadequately protected Windows servers in legitimate organizations, without the victim’s knowledge or permission. New nodes are continually added as new victims are enlisted, and they are unpublished outside of the Terracotta user-base.

Created: 2026-02-23

Indicators

類似Pulses

Evasive Maneuvers by Wekby with Rop-packing, DNS Covert Channels (score: 0.61)
Cyberghost VPN endpoints (score: 0.58)
Attack Gains Foothold Against East Asian Government (score: 0.56)
PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020 (score: 0.56)
Uncovering Bunitu’s Secrets (score: 0.55)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 6.72

Matched TTPs:

T1033 - System Owner/User Discovery
T1199 - Trusted Relationship
T1665 - Hide Infrastructure

MITREへのリンク →

Sea Turtle

Score: 10.65

Matched TTPs:

T1033 - System Owner/User Discovery
T1175 - Component Object Model and Distributed COM
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Ember Bear

Score: 11.18

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1175 - Component Object Model and Distributed COM
T1218.010 - Regsvr32

MITREへのリンク →

Indrik Spider

Score: 5.87

Matched TTPs:

T1033 - System Owner/User Discovery
T1546.016 - Installer Packages

MITREへのリンク →

Agrius

Score: 3.03

Matched TTPs:

T1033 - System Owner/User Discovery

MITREへのリンク →

Contagious Interview

Score: 6.41

Matched TTPs:

T1033 - System Owner/User Discovery
T1175 - Component Object Model and Distributed COM
T1199 - Trusted Relationship

MITREへのリンク →

Sandworm Team

Score: 16.82

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1055.004 - Asynchronous Procedure Call
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

Star Blizzard

Score: 3.88

Matched TTPs:

T1033 - System Owner/User Discovery
T1199 - Trusted Relationship

MITREへのリンク →

APT28

Score: 20.41

Matched TTPs:

T1222.002 - Linux and Mac Permissions
T1175 - Component Object Model and Distributed COM
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1055.008 - Ptrace System Calls
T1546.007 - Netsh Helper DLL

MITREへのリンク →

APT29

Score: 9.22

Matched TTPs:

T1222.002 - Linux and Mac Permissions
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Mustard Tempest

Score: 9.08

Matched TTPs:

T1682 - Query Public AI Services
T1543.002 - Systemd Service

MITREへのリンク →

Volt Typhoon

Score: 12.38

Matched TTPs:

T1176 - Software Extensions
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1546.016 - Installer Packages
T1665 - Hide Infrastructure

MITREへのリンク →

Turla

Score: 9.55

Matched TTPs:

T1176 - Software Extensions
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1546.016 - Installer Packages

MITREへのリンク →

Winter Vivern

Score: 7.06

Matched TTPs:

T1548 - Abuse Elevation Control Mechanism
T1175 - Component Object Model and Distributed COM

MITREへのリンク →

Gamaredon Group

Score: 3.37

Matched TTPs:

T1175 - Component Object Model and Distributed COM
T1199 - Trusted Relationship

MITREへのリンク →

LAPSUS$

Score: 6.12

Matched TTPs:

T1175 - Component Object Model and Distributed COM
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship

MITREへのリンク →

Axiom

Score: 8.55

Matched TTPs:

T1175 - Component Object Model and Distributed COM
T1218.010 - Regsvr32
T1160 - Launch Daemon

MITREへのリンク →

Dragonfly

Score: 7.70

Matched TTPs:

T1175 - Component Object Model and Distributed COM
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

APT42

Score: 6.12

Matched TTPs:

T1175 - Component Object Model and Distributed COM
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

HAFNIUM

Score: 9.40

Matched TTPs:

T1175 - Component Object Model and Distributed COM
T1122 - Component Object Model Hijacking
T1055.008 - Ptrace System Calls

MITREへのリンク →

menuPass

Score: 5.33

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship

MITREへのリンク →

TeamTNT

Score: 4.57

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1665 - Hide Infrastructure

MITREへのリンク →

Andariel

Score: 3.23

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32

MITREへのリンク →

Mustang Panda

Score: 7.92

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

APT3

Score: 3.23

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32

MITREへのリンク →

Velvet Ant

Score: 4.48

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1128 - Netsh Helper DLL

MITREへのリンク →

OilRig

Score: 6.82

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

ToddyCat

Score: 4.57

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1665 - Hide Infrastructure

MITREへのリンク →

Chimera

Score: 5.42

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1665 - Hide Infrastructure

MITREへのリンク →

MuddyWater

Score: 4.08

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

admin@338

Score: 3.23

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32

MITREへのリンク →

APT41

Score: 4.08

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 4.08

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Earth Lusca

Score: 5.42

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1546.016 - Installer Packages

MITREへのリンク →

Tropic Trooper

Score: 8.81

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1665 - Hide Infrastructure

MITREへのリンク →

Lazarus Group

Score: 13.59

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1546.016 - Installer Packages
T1665 - Hide Infrastructure

MITREへのリンク →

Threat Group-3390

Score: 6.82

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

APT33

Score: 6.48

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Wizard Spider

Score: 4.98

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship

MITREへのリンク →

RedCurl

Score: 5.49

Matched TTPs:

T1122 - Component Object Model Hijacking
T1128 - Netsh Helper DLL

MITREへのリンク →

POLONIUM

Score: 3.60

Matched TTPs:

T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship

MITREへのリンク →

Medusa Group

Score: 8.13

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1598 - Phishing for Information

MITREへのリンク →

FIN8

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

TA2541

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

FIN6

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

Patchwork

Score: 5.18

Matched TTPs:

T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Cobalt Group

Score: 5.09

Matched TTPs:

T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Higaisa

Score: 8.17

Matched TTPs:

T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1665 - Hide Infrastructure

MITREへのリンク →

Leviathan

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1686 - Disable or Modify System Firewall

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.81

Matched TTPs:

T1218.010 - Regsvr32
T1546.007 - Netsh Helper DLL
T1199 - Trusted Relationship
T1222.002 - Linux and Mac Permissions
T1175 - Component Object Model and Distributed COM
T1055.008 - Ptrace System Calls
T1122 - Component Object Model Hijacking

MITREへのリンク →

Sandworm Team

Score: 0.70

Matched TTPs:

T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1199 - Trusted Relationship
T1055.004 - Asynchronous Procedure Call
T1564.008 - Email Hiding Rules
T1033 - System Owner/User Discovery
T1122 - Component Object Model Hijacking

MITREへのリンク →

Lazarus Group

Score: 0.58

Matched TTPs:

T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1199 - Trusted Relationship
T1665 - Hide Infrastructure
T1055.004 - Asynchronous Procedure Call
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

Volt Typhoon

Score: 0.55

Matched TTPs:

T1546.016 - Installer Packages
T1199 - Trusted Relationship
T1176 - Software Extensions
T1665 - Hide Infrastructure
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る