Trusted Design

PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020

概要

China is aggressively claiming territory deeper into the South China Sea, threatening economic and political stability in the Southeast Asia and beyond. The territorial activity is accompanied by high-tempo cyber espionage and malware attacks, malicious attachments and spear phishing, directed at Southeast Asian military, diplomatic, and economic targets. ThreatConnect, in partnership with Defense Group Inc., has attributed the targeted cyber espionage infrastructure activity associated with the “Naikon” Advanced Persistent Threat (APT) group to a specific unit of the Chinese People’s Liberation Army (PLA). Our assessment is based on technical analysis of Naikon threat activity and native language research on a PLA officer within Unit 78020. Project CameraShy takes readers through our intelligence analysis, pivot by pivot, as we connect the dots using the Diamond Model of Intrusion Analysis.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Chinese Actors attacks on US Government and EU Media (score: 0.66)
SPEAR: A Threat Actor Resurfaces (score: 0.63)
Attacks Against the Mongolian Government (score: 0.63)
Operation Iron Tiger (score: 0.63)
South Korea NIS’s use of Hacking Team’s RCS (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Contagious Interview

Score: 12.57

Matched TTPs:

T1044 - File System Permissions Weakness
T1021.006 - Windows Remote Management
T1070.009 - Clear Persistence
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 8.21

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1070.009 - Clear Persistence
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Higaisa

Score: 3.78

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1218.010 - Regsvr32

MITREへのリンク →

Lazarus Group

Score: 15.10

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1057 - Process Discovery
T1218.010 - Regsvr32
T1070.009 - Clear Persistence
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver

MITREへのリンク →

Chimera

Score: 3.67

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1070.009 - Clear Persistence

MITREへのリンク →

BlackTech

Score: 3.78

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 11.93

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1193 - Spearphishing Attachment
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1070.009 - Clear Persistence

MITREへのリンク →

Tropic Trooper

Score: 5.16

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1218.010 - Regsvr32
T1070.009 - Clear Persistence

MITREへのリンク →

ToddyCat

Score: 4.81

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1547.008 - LSASS Driver

MITREへのリンク →

menuPass

Score: 3.67

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1070.009 - Clear Persistence

MITREへのリンク →

APT37

Score: 3.78

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1218.010 - Regsvr32

MITREへのリンク →

Gamaredon Group

Score: 3.67

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1070.009 - Clear Persistence

MITREへのリンク →

Mustang Panda

Score: 13.83

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1169 - Sudo
T1218.010 - Regsvr32
T1070.009 - Clear Persistence
T1055.005 - Thread Local Storage

MITREへのリンク →

APT38

Score: 3.67

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1070.009 - Clear Persistence

MITREへのリンク →

Silence

Score: 3.67

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1070.009 - Clear Persistence

MITREへのリンク →

UNC3886

Score: 7.01

Matched TTPs:

T1021.006 - Windows Remote Management
T1218.010 - Regsvr32
T1070.009 - Clear Persistence

MITREへのリンク →

Dragonfly

Score: 9.65

Matched TTPs:

T1193 - Spearphishing Attachment
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1070.009 - Clear Persistence

MITREへのリンク →

LAPSUS$

Score: 11.60

Matched TTPs:

T1193 - Spearphishing Attachment
T1065 - Uncommonly Used Port
T1557.002 - ARP Cache Poisoning

MITREへのリンク →

APT29

Score: 9.24

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1070.009 - Clear Persistence
T1547.008 - LSASS Driver

MITREへのリンク →

APT32

Score: 6.72

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1070.009 - Clear Persistence

MITREへのリンク →

BRONZE BUTLER

Score: 10.00

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1070.009 - Clear Persistence
T1008 - Fallback Channels

MITREへのリンク →

APT33

Score: 5.63

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1218.010 - Regsvr32

MITREへのリンク →

Wizard Spider

Score: 5.51

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1070.009 - Clear Persistence

MITREへのリンク →

APT28

Score: 18.67

Matched TTPs:

T1057 - Process Discovery
T1218.010 - Regsvr32
T1197 - BITS Jobs
T1070.009 - Clear Persistence
T1146 - Clear Command History
T1588.003 - Code Signing Certificates

MITREへのリンク →

Moonstone Sleet

Score: 12.18

Matched TTPs:

T1057 - Process Discovery
T1573 - Encrypted Channel
T1197 - BITS Jobs
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 9.84

Matched TTPs:

T1057 - Process Discovery
T1573 - Encrypted Channel
T1065 - Uncommonly Used Port

MITREへのリンク →

Kimsuky

Score: 11.39

Matched TTPs:

T1057 - Process Discovery
T1197 - BITS Jobs
T1070.009 - Clear Persistence
T1008 - Fallback Channels

MITREへのリンク →

Volt Typhoon

Score: 16.27

Matched TTPs:

T1057 - Process Discovery
T1552.008 - Chat Messages
T1065 - Uncommonly Used Port
T1070.009 - Clear Persistence
T1574.002 - DLL Side-Loading

MITREへのリンク →

Indrik Spider

Score: 3.84

Matched TTPs:

T1552.008 - Chat Messages

MITREへのリンク →

HAFNIUM

Score: 3.84

Matched TTPs:

T1552.008 - Chat Messages

MITREへのリンク →

APT41

Score: 13.22

Matched TTPs:

T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1070.009 - Clear Persistence
T1574.002 - DLL Side-Loading
T1008 - Fallback Channels

MITREへのリンク →

Cobalt Group

Score: 5.80

Matched TTPs:

T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1070.009 - Clear Persistence

MITREへのリンク →

Threat Group-3390

Score: 5.80

Matched TTPs:

T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1070.009 - Clear Persistence

MITREへのリンク →

EXOTIC LILY

Score: 4.02

Matched TTPs:

T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Patchwork

Score: 6.16

Matched TTPs:

T1218.010 - Regsvr32
T1070.009 - Clear Persistence
T1008 - Fallback Channels

MITREへのリンク →

OilRig

Score: 5.40

Matched TTPs:

T1218.010 - Regsvr32
T1070.009 - Clear Persistence
T1547.008 - LSASS Driver

MITREへのリンク →

Ke3chang

Score: 3.62

Matched TTPs:

T1102.002 - Bidirectional Communication

MITREへのリンク →

BlackByte

Score: 5.00

Matched TTPs:

T1102.002 - Bidirectional Communication
T1070.009 - Clear Persistence

MITREへのリンク →

Storm-0501

Score: 3.62

Matched TTPs:

T1102.002 - Bidirectional Communication

MITREへのリンク →

Malteiro

Score: 3.62

Matched TTPs:

T1102.002 - Bidirectional Communication

MITREへのリンク →

HEXANE

Score: 3.62

Matched TTPs:

T1065 - Uncommonly Used Port

MITREへのリンク →

Scattered Spider

Score: 7.57

Matched TTPs:

T1197 - BITS Jobs
T1557.002 - ARP Cache Poisoning

MITREへのリンク →

ZIRCONIUM

Score: 3.44

Matched TTPs:

T1197 - BITS Jobs

MITREへのリンク →

FIN6

Score: 3.90

Matched TTPs:

T1070.009 - Clear Persistence
T1547.008 - LSASS Driver

MITREへのリンク →

Magic Hound

Score: 3.90

Matched TTPs:

T1070.009 - Clear Persistence
T1547.008 - LSASS Driver

MITREへのリンク →

Rocke

Score: 4.67

Matched TTPs:

T1070.009 - Clear Persistence
T1008 - Fallback Channels

MITREへのリンク →

Mustard Tempest

Score: 4.54

Matched TTPs:

T1543.002 - Systemd Service

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1686 - Disable or Modify System Firewall

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.85

Matched TTPs:

T1218.010 - Regsvr32
T1197 - BITS Jobs
T1070.009 - Clear Persistence
T1146 - Clear Command History
T1588.003 - Code Signing Certificates
T1057 - Process Discovery

MITREへのリンク →

Volt Typhoon

Score: 0.78

Matched TTPs:

T1065 - Uncommonly Used Port
T1574.002 - DLL Side-Loading
T1070.009 - Clear Persistence
T1057 - Process Discovery
T1552.008 - Chat Messages

MITREへのリンク →

Lazarus Group

Score: 0.73

Matched TTPs:

T1547.008 - LSASS Driver
T1218.010 - Regsvr32
T1070.009 - Clear Persistence
T1590.003 - Network Trust Dependencies
T1055.005 - Thread Local Storage
T1057 - Process Discovery

MITREへのリンク →

Mustang Panda

Score: 0.67

Matched TTPs:

T1218.010 - Regsvr32
T1169 - Sudo
T1070.009 - Clear Persistence
T1590.003 - Network Trust Dependencies
T1055.005 - Thread Local Storage

MITREへのリンク →

APT41

Score: 0.67

Matched TTPs:

T1218.010 - Regsvr32
T1573 - Encrypted Channel
T1574.002 - DLL Side-Loading
T1070.009 - Clear Persistence
T1008 - Fallback Channels

MITREへのリンク →

Sandworm Team

Score: 0.62

Matched TTPs:

T1193 - Spearphishing Attachment
T1218.010 - Regsvr32
T1573 - Encrypted Channel
T1070.009 - Clear Persistence
T1590.003 - Network Trust Dependencies

MITREへのリンク →

Moonstone Sleet

Score: 0.60

Matched TTPs:

T1573 - Encrypted Channel
T1197 - BITS Jobs
T1057 - Process Discovery
T1547.008 - LSASS Driver

MITREへのリンク →

Kimsuky

Score: 0.59

Matched TTPs:

T1008 - Fallback Channels
T1197 - BITS Jobs
T1057 - Process Discovery
T1070.009 - Clear Persistence

MITREへのリンク →

Contagious Interview

Score: 0.58

Matched TTPs:

T1070.009 - Clear Persistence
T1547.008 - LSASS Driver
T1044 - File System Permissions Weakness
T1021.006 - Windows Remote Management

MITREへのリンク →

LAPSUS$

Score: 0.56

Matched TTPs:

T1193 - Spearphishing Attachment
T1557.002 - ARP Cache Poisoning
T1065 - Uncommonly Used Port

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る