Trusted Design

South Korea NIS’s use of Hacking Team’s RCS

Overview

This research note outlines what we know about the use of Hacking Team’s Remote Control System (RCS) by South Korea’s National Intelligence Service (NIS). The note synthesizes information found in publicly leaked materials, as well as our own research. The data available in the leaked Hacking Team files provides circumstantial evidence pointing to an interest in compromising individuals with ties to South Korea (i.e., Korean language speakers who use software or apps popular in South Korea, or South Korean editions of Samsung phones). The leaked data alone cannot identify specific individuals targeted by NIS, nor prove misuse of the technology; further investigation and research are necessary to make those determinations. Moreover, the presence of intrusion software does not necessarily equate to its misuse, as such software may be utilized by intelligence or law enforcement agencies in a manner that conforms with rule of law and democratic principles.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

OilRig

Score: 14.67
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Gamaredon Group

Score: 18.12
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1546.017 - Udev Rules

APT28

Score: 21.04
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1583.005 - Botnet
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1574.009 - Path Interception by Unquoted Path
  • T1070.009 - Clear Persistence
  • T1566.003 - Spearphishing via Service

Turla

Score: 8.61
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1547.002 - Authentication Package
  • T1578.001 - Create Snapshot

Sandworm Team

Score: 13.03
Matched TTPs:
  • T1583.005 - Botnet
  • T1102.003 - One-Way Communication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence

Kimsuky

Score: 15.03
Matched TTPs:
  • T1583.005 - Botnet
  • T1102.003 - One-Way Communication
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels

Velvet Ant

Score: 12.31
Matched TTPs:
  • T1583.005 - Botnet
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service

Salt Typhoon

Score: 5.78
Matched TTPs:
  • T1583.005 - Botnet
  • T1556 - Modify Authentication Process

APT33

Score: 5.78
Matched TTPs:
  • T1583.005 - Botnet
  • T1556 - Modify Authentication Process

UNC3886

Score: 7.01
Matched TTPs:
  • T1583.005 - Botnet
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot

DarkVishnya

Score: 3.03
Matched TTPs:
  • T1583.005 - Botnet

Fox Kitten

Score: 11.81
Matched TTPs:
  • T1491 - Defacement
  • T1542.004 - ROMMONkit
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits

Volt Typhoon

Score: 16.73
Matched TTPs:
  • T1491 - Defacement
  • T1164 - Re-opened Applications
  • T1102.003 - One-Way Communication
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot

APT38

Score: 10.69
Matched TTPs:
  • T1491 - Defacement
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution

Scattered Spider

Score: 8.78
Matched TTPs:
  • T1491 - Defacement
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits

Moonstone Sleet

Score: 11.13
Matched TTPs:
  • T1491 - Defacement
  • T1573 - Encrypted Channel
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Chimera

Score: 14.34
Matched TTPs:
  • T1491 - Defacement
  • T1542.004 - ROMMONkit
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot

Winter Vivern

Score: 4.54
Matched TTPs:
  • T1548 - Abuse Elevation Control Mechanism

Mustang Panda

Score: 7.41
Matched TTPs:
  • T1102.003 - One-Way Communication
  • T1070.009 - Clear Persistence
  • T1556 - Modify Authentication Process

Contagious Interview

Score: 9.94
Matched TTPs:
  • T1102.003 - One-Way Communication
  • T1070.009 - Clear Persistence
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Star Blizzard

Score: 3.29
Matched TTPs:
  • T1102.003 - One-Way Communication

RedCurl

Score: 7.16
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence

BRONZE BUTLER

Score: 10.29
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit

menuPass

Score: 6.06
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

APT41

Score: 15.08
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels

Cobalt Group

Score: 8.70
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

Dragonfly

Score: 5.96
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

Threat Group-3390

Score: 10.90
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1070.009 - Clear Persistence
  • T1546.017 - Udev Rules

FIN7

Score: 11.96
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot

APT37

Score: 6.02
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1216 - System Script Proxy Execution

Lazarus Group

Score: 16.91
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution

APT39

Score: 7.82
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Magic Hound

Score: 7.95
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

HEXANE

Score: 4.05
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1622 - Debugger Evasion

ZIRCONIUM

Score: 4.99
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1578.001 - Create Snapshot

TA2541

Score: 5.90
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1546.017 - Udev Rules

Tropic Trooper

Score: 4.13
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence

Medusa Group

Score: 16.33
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

FIN6

Score: 13.44
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

FIN8

Score: 8.52
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1556 - Modify Authentication Process

Ke3chang

Score: 6.02
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1027.007 - Dynamic API Resolution

BlackByte

Score: 9.05
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Storm-0501

Score: 3.62
Matched TTPs:
  • T1102.002 - Bidirectional Communication

Malteiro

Score: 3.62
Matched TTPs:
  • T1102.002 - Bidirectional Communication

Play

Score: 4.82
Matched TTPs:
  • T1574.009 - Path Interception by Unquoted Path
  • T1070.009 - Clear Persistence

LuminousMoth

Score: 3.44
Matched TTPs:
  • T1574.009 - Path Interception by Unquoted Path

Aquatic Panda

Score: 3.03
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

FIN10

Score: 3.03
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

APT29

Score: 3.90
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1547.008 - LSASS Driver

Wizard Spider

Score: 8.17
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process

APT32

Score: 6.53
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process

APT5

Score: 3.03
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

APT3

Score: 3.03
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

The White Company

Score: 3.97
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot

Patchwork

Score: 6.31
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels

INC Ransom

Score: 5.43
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Silence

Score: 5.43
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Rocke

Score: 4.67
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1008 - Fallback Channels

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1543.002 - Systemd Service

Blue Mockingbird

Score: 4.05
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Leviathan

Score: 4.80
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1546.017 - Udev Rules

Higaisa

Score: 5.74
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules

CURIUM

Score: 5.12
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

LAPSUS$

Score: 3.84
Matched TTPs:
  • T1588.005 - Exploits

Molerats

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.82
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1552.005 - Cloud Instance Metadata API
  • T1566.003 - Spearphishing via Service
  • T1583.005 - Botnet
  • T1070.009 - Clear Persistence
  • T1547.002 - Authentication Package
  • T1574.009 - Path Interception by Unquoted Path

Lazarus Group

Score: 0.72
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1622 - Debugger Evasion
  • T1070.009 - Clear Persistence
  • T1216 - System Script Proxy Execution
  • T1547.002 - Authentication Package
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Gamaredon Group

Score: 0.71
Matched TTPs:
  • T1546.017 - Udev Rules
  • T1542.004 - ROMMONkit
  • T1552.005 - Cloud Instance Metadata API
  • T1061 - Graphical User Interface
  • T1070.009 - Clear Persistence
  • T1547.002 - Authentication Package

Volt Typhoon

Score: 0.69
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1102.003 - One-Way Communication
  • T1164 - Re-opened Applications
  • T1622 - Debugger Evasion
  • T1070.009 - Clear Persistence
  • T1491 - Defacement

Kimsuky

Score: 0.69
Matched TTPs:
  • T1102.003 - One-Way Communication
  • T1583.005 - Botnet
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels
  • T1070.009 - Clear Persistence
  • T1547.002 - Authentication Package

Medusa Group

Score: 0.66
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol
  • T1622 - Debugger Evasion
  • T1070.009 - Clear Persistence
  • T1216 - System Script Proxy Execution
  • T1128 - Netsh Helper DLL

APT41

Score: 0.64
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1622 - Debugger Evasion
  • T1070.009 - Clear Persistence
  • T1573 - Encrypted Channel
  • T1008 - Fallback Channels
  • T1574.009 - Path Interception by Unquoted Path

Chimera

Score: 0.58
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1542.004 - ROMMONkit
  • T1578.001 - Create Snapshot
  • T1622 - Debugger Evasion
  • T1070.009 - Clear Persistence
  • T1491 - Defacement

OilRig

Score: 0.58
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1622 - Debugger Evasion
  • T1070.009 - Clear Persistence
  • T1547.008 - LSASS Driver
  • T1128 - Netsh Helper DLL
  • T1556 - Modify Authentication Process

FIN6

Score: 0.56
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1622 - Debugger Evasion
  • T1070.009 - Clear Persistence
  • T1547.008 - LSASS Driver
  • T1128 - Netsh Helper DLL
  • T1556 - Modify Authentication Process

Related CVEs

No CVEs were found for this Pulse.
