Trusted Design

STRONTIUM: A profile of a persistent and motivated adversary

概要

STRONTIUM has been active since at least 2007. Whereas most modern untargeted malware is ultimately profit-oriented, STRONTIUM mainly seeks sensitive information. Its primary institutional targets have included government bodies, diplomatic institutions, and military forces and installations in NATO member states and certain Eastern European countries. Additional targets have included journalists, political advisors, and organizations associated with political activism in central Asia. STRONTIUM is Microsoft’s code name for this group, following its internal practice of assigning chemical element names to activity groups; other researchers have used code names such as APT28, Sednit, Sofacy and Fancy Bear as labels for a group or groups .

Created: 2026-02-23

Indicators

domain - mail-ukr.net -
CVE - CVE-2015-5119 -
CVE - CVE-2015-7645 -
CVE - CVE-2015-4902 -
CVE - CVE-2015-1701 -
domain - bbc-press.org -
domain - nato-news.com -
hostname - accounts.g00gle.com -
domain - electronicfrontierfoundation.org -
domain - osce-press.com -
CVE - CVE-2015-1641 -
CVE - CVE-2014-1776 -
CVE - CVE-2015-2590 -
CVE - CVE-2015-3043 -
CVE - CVE-2014-6332 -
CVE - CVE-2015-2424 -
CVE - CVE-2014-3897 -
domain - us-mg6mailyahoo.com -
CVE - CVE-2015-2387 -
domain - privacy-live.com -

類似Pulses

Sofacy APT hits high profile targets (score: 0.54)
Sofacy APT hits high profile targets with updated toolset (score: 0.52)
New Targeted Attack Group Buys BIFROSE Code, Works in Teams (score: 0.52)
A Look Into Fysbis: Sofacy’s Linux Backdoor (score: 0.51)
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy (score: 0.50)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 7.75

Matched TTPs:

T1564.008 - Email Hiding Rules
T1578 - Modify Cloud Compute Infrastructure

MITREへのリンク →

Sandworm Team

Score: 11.32

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1122 - Component Object Model Hijacking
T1548.006 - TCC Manipulation

MITREへのリンク →

Silent Librarian

Score: 3.62

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure

MITREへのリンク →

Magic Hound

Score: 11.86

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1588.001 - Malware
T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

Scattered Spider

Score: 10.09

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1090.004 - Domain Fronting
T1548.006 - TCC Manipulation

MITREへのリンク →

Kimsuky

Score: 14.02

Matched TTPs:

T1606.002 - SAML Tokens
T1588.001 - Malware
T1526 - Cloud Service Discovery
T1126 - Network Share Connection Removal
T1665 - Hide Infrastructure

MITREへのリンク →

FIN13

Score: 9.46

Matched TTPs:

T1606.002 - SAML Tokens
T1588.001 - Malware
T1548.006 - TCC Manipulation
T1569.002 - Service Execution

MITREへのリンク →

Moonstone Sleet

Score: 8.46

Matched TTPs:

T1606.002 - SAML Tokens
T1126 - Network Share Connection Removal
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 19.20

Matched TTPs:

T1606.002 - SAML Tokens
T1588.001 - Malware
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver
T1569.002 - Service Execution

MITREへのリンク →

Contagious Interview

Score: 12.60

Matched TTPs:

T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1126 - Network Share Connection Removal
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 10.92

Matched TTPs:

T1606.002 - SAML Tokens
T1212 - Exploitation for Credential Access
T1526 - Cloud Service Discovery
T1547.008 - LSASS Driver

MITREへのリンク →

UNC3886

Score: 10.92

Matched TTPs:

T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1588.001 - Malware
T1578.001 - Create Snapshot

MITREへのリンク →

APT29

Score: 11.90

Matched TTPs:

T1606.002 - SAML Tokens
T1181 - Extra Window Memory Injection
T1122 - Component Object Model Hijacking
T1547.008 - LSASS Driver

MITREへのリンク →

RedCurl

Score: 4.84

Matched TTPs:

T1606.002 - SAML Tokens
T1122 - Component Object Model Hijacking

MITREへのリンク →

Turla

Score: 10.77

Matched TTPs:

T1606.002 - SAML Tokens
T1212 - Exploitation for Credential Access
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Ke3chang

Score: 4.44

Matched TTPs:

T1606.002 - SAML Tokens
T1548.006 - TCC Manipulation

MITREへのリンク →

Mustang Panda

Score: 11.72

Matched TTPs:

T1606.002 - SAML Tokens
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage
T1548.006 - TCC Manipulation

MITREへのリンク →

TeamTNT

Score: 4.93

Matched TTPs:

T1606.002 - SAML Tokens
T1665 - Hide Infrastructure

MITREへのリンク →

FIN7

Score: 6.78

Matched TTPs:

T1606.002 - SAML Tokens
T1588.001 - Malware
T1578.001 - Create Snapshot

MITREへのリンク →

Higaisa

Score: 18.14

Matched TTPs:

T1569.003 - Systemctl
T1588.001 - Malware
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot
T1569.002 - Service Execution
T1546.017 - Udev Rules

MITREへのリンク →

Wizard Spider

Score: 11.72

Matched TTPs:

T1588.001 - Malware
T1567.001 - Exfiltration to Code Repository
T1526 - Cloud Service Discovery
T1548.006 - TCC Manipulation

MITREへのリンク →

FIN6

Score: 6.96

Matched TTPs:

T1588.001 - Malware
T1548.006 - TCC Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Fox Kitten

Score: 4.44

Matched TTPs:

T1588.001 - Malware
T1548.006 - TCC Manipulation

MITREへのリンク →

ZIRCONIUM

Score: 4.69

Matched TTPs:

T1588.001 - Malware
T1578.001 - Create Snapshot

MITREへのリンク →

Storm-0501

Score: 6.23

Matched TTPs:

T1588.001 - Malware
T1090.004 - Domain Fronting

MITREへのリンク →

APT41

Score: 4.44

Matched TTPs:

T1588.001 - Malware
T1548.006 - TCC Manipulation

MITREへのリンク →

APT33

Score: 4.13

Matched TTPs:

T1567.001 - Exfiltration to Code Repository

MITREへのリンク →

APT28

Score: 5.09

Matched TTPs:

T1122 - Component Object Model Hijacking
T1548.006 - TCC Manipulation

MITREへのリンク →

Threat Group-3390

Score: 9.05

Matched TTPs:

T1122 - Component Object Model Hijacking
T1526 - Cloud Service Discovery
T1546.017 - Udev Rules

MITREへのリンク →

menuPass

Score: 5.09

Matched TTPs:

T1122 - Component Object Model Hijacking
T1548.006 - TCC Manipulation

MITREへのリンク →

HAFNIUM

Score: 5.09

Matched TTPs:

T1122 - Component Object Model Hijacking
T1548.006 - TCC Manipulation

MITREへのリンク →

LAPSUS$

Score: 5.09

Matched TTPs:

T1122 - Component Object Model Hijacking
T1548.006 - TCC Manipulation

MITREへのリンク →

Tonto Team

Score: 3.15

Matched TTPs:

T1212 - Exploitation for Credential Access

MITREへのリンク →

HEXANE

Score: 3.15

Matched TTPs:

T1212 - Exploitation for Credential Access

MITREへのリンク →

admin@338

Score: 3.15

Matched TTPs:

T1212 - Exploitation for Credential Access

MITREへのリンク →

Chimera

Score: 10.92

Matched TTPs:

T1212 - Exploitation for Credential Access
T1548.006 - TCC Manipulation
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

Volt Typhoon

Score: 13.85

Matched TTPs:

T1212 - Exploitation for Credential Access
T1548.006 - TCC Manipulation
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Storm-1811

Score: 6.14

Matched TTPs:

T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 5.96

Matched TTPs:

T1578.002 - Create Cloud Instance
T1548.006 - TCC Manipulation

MITREへのリンク →

APT3

Score: 3.62

Matched TTPs:

T1578.002 - Create Cloud Instance

MITREへのリンク →

Mustard Tempest

Score: 4.54

Matched TTPs:

T1543.002 - Systemd Service

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

FIN8

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1160 - Launch Daemon

MITREへのリンク →

ToddyCat

Score: 5.36

Matched TTPs:

T1665 - Hide Infrastructure
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Gamaredon Group

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Leviathan

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.84

Matched TTPs:

T1055.005 - Thread Local Storage
T1569.002 - Service Execution
T1665 - Hide Infrastructure
T1547.008 - LSASS Driver
T1606.002 - SAML Tokens
T1588.001 - Malware
T1578.001 - Create Snapshot

MITREへのリンク →

Higaisa

Score: 0.76

Matched TTPs:

T1546.017 - Udev Rules
T1569.002 - Service Execution
T1665 - Hide Infrastructure
T1569.003 - Systemctl
T1588.001 - Malware
T1578.001 - Create Snapshot

MITREへのリンク →

Kimsuky

Score: 0.63

Matched TTPs:

T1665 - Hide Infrastructure
T1526 - Cloud Service Discovery
T1126 - Network Share Connection Removal
T1606.002 - SAML Tokens
T1588.001 - Malware

MITREへのリンク →

Volt Typhoon

Score: 0.62

Matched TTPs:

T1569.002 - Service Execution
T1665 - Hide Infrastructure
T1212 - Exploitation for Credential Access
T1548.006 - TCC Manipulation
T1578.001 - Create Snapshot

MITREへのリンク →

APT29

Score: 0.55

Matched TTPs:

T1547.008 - LSASS Driver
T1122 - Component Object Model Hijacking
T1606.002 - SAML Tokens
T1181 - Extra Window Memory Injection

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る