Pulse Detail-

Attacks Against the Mongolian Government

概要

Unit 42 has collected multiple spear phishing emails, weaponized document files, and payloads all targeting various offices of the Mongolian government and deployed between August 2015 and February 2016. The phishing emails and document files leveraged a variety of geopolitically sensitive subject matters as attractive lures, such as events in Beijing, the Dalai Lama, North Korea relations, the Zika virus, and various legitimate appearing announcements. As we began to analyze and tear down the various samples we collected, we found significant overlaps with previously reported and documented adversary groups, attack campaigns, and their toolsets, exemplifying the concept of the Digital Quartermaster.

Created: 2026-02-23

Indicators

類似Pulses

Years-long espionage campaign against Tibetans (score: 0.71)
NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan (score: 0.70)
MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.69)
Chinese Actors attacks on US Government and EU Media (score: 0.68)
Uncovering the Seven Pointed Dagger (score: 0.67)

このPulseに関連する脅威アクター (事実ベース)

LAPSUS$

Score: 21.51

Matched TTPs:

T1597.002 - Purchase Technical Data
T1598.004 - Spearphishing Voice
T1591.002 - Business Relationships
T1656 - Impersonation
T1591.004 - Identify Roles
T1003.003 - NTDS

MITREへのリンク →

Contagious Interview

Score: 29.74

Matched TTPs:

T1588.007 - Artificial Intelligence
T1681 - Search Threat Vendor Data
T1657 - Financial Theft
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1593.001 - Social Media
T1656 - Impersonation
T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service

MITREへのリンク →

Scattered Spider

Score: 31.00

Matched TTPs:

T1564.008 - Email Hiding Rules
T1114 - Email Collection
T1598.003 - Spearphishing Link
T1598.004 - Spearphishing Voice
T1657 - Financial Theft
T1656 - Impersonation
T1598 - Phishing for Information
T1538 - Cloud Service Dashboard
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

FIN4

Score: 6.45

Matched TTPs:

T1564.008 - Email Hiding Rules
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Ember Bear

Score: 10.35

Matched TTPs:

T1491.002 - External Defacement
T1114 - Email Collection
T1560 - Archive Collected Data

MITREへのリンク →

Sandworm Team

Score: 26.29

Matched TTPs:

T1491.002 - External Defacement
T1594 - Search Victim-Owned Websites
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1591.002 - Business Relationships
T1589.003 - Employee Names
T1593 - Search Open Websites/Domains
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Silent Librarian

Score: 13.21

Matched TTPs:

T1114 - Email Collection
T1594 - Search Victim-Owned Websites
T1598.003 - Spearphishing Link
T1589.003 - Employee Names

MITREへのリンク →

Magic Hound

Score: 17.38

Matched TTPs:

T1114 - Email Collection
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1583.006 - Web Services
T1105 - Ingress Tool Transfer
T1591.001 - Determine Physical Locations
T1566.003 - Spearphishing via Service

MITREへのリンク →

Kimsuky

Score: 48.99

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1596 - Search Open Technical Databases
T1589.003 - Employee Names
T1657 - Financial Theft
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1534 - Internal Spearphishing
T1593 - Search Open Websites/Domains
T1566 - Phishing
T1593.001 - Social Media
T1656 - Impersonation
T1598 - Phishing for Information
T1105 - Ingress Tool Transfer
T1587 - Develop Capabilities

MITREへのリンク →

Volt Typhoon

Score: 22.34

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1591 - Gather Victim Org Information
T1069.001 - Local Groups
T1593 - Search Open Websites/Domains
T1591.004 - Identify Roles
T1105 - Ingress Tool Transfer
T1003.003 - NTDS
T1124 - System Time Discovery

MITREへのリンク →

EXOTIC LILY

Score: 16.51

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1597 - Search Closed Sources
T1593.001 - Social Media
T1566.003 - Spearphishing via Service

MITREへのリンク →

TA578

Score: 5.30

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1583.006 - Web Services

MITREへのリンク →

MuddyWater

Score: 5.11

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1105 - Ingress Tool Transfer

MITREへのリンク →

LuminousMoth

Score: 4.82

Matched TTPs:

T1566.002 - Spearphishing Link
T1560 - Archive Collected Data
T1105 - Ingress Tool Transfer

MITREへのリンク →

Confucius

Score: 8.26

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1221 - Template Injection
T1105 - Ingress Tool Transfer

MITREへのリンク →

Mofang

Score: 5.47

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1027.015 - Compression

MITREへのリンク →

Sidewinder

Score: 11.77

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment
T1105 - Ingress Tool Transfer
T1124 - System Time Discovery

MITREへのリンク →

Elderwood

Score: 3.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN7

Score: 14.61

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1591.004 - Identify Roles
T1105 - Ingress Tool Transfer
T1124 - System Time Discovery

MITREへのリンク →

Mustang Panda

Score: 21.17

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1001.003 - Protocol or Service Impersonation
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1003.003 - NTDS

MITREへのリンク →

FIN8

Score: 3.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT32

Score: 10.16

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1560 - Archive Collected Data
T1583.006 - Web Services
T1105 - Ingress Tool Transfer

MITREへのリンク →

Lazarus Group

Score: 24.08

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1560 - Archive Collected Data
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1001.003 - Protocol or Service Impersonation
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Leviathan

Score: 12.46

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1560 - Archive Collected Data
T1534 - Internal Spearphishing
T1105 - Ingress Tool Transfer
T1027.015 - Compression

MITREへのリンク →

APT33

Score: 7.23

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1552.006 - Group Policy Preferences
T1105 - Ingress Tool Transfer

MITREへのリンク →

ZIRCONIUM

Score: 12.73

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1583.006 - Web Services
T1598 - Phishing for Information
T1105 - Ingress Tool Transfer
T1124 - System Time Discovery

MITREへのリンク →

Molerats

Score: 6.25

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer
T1027.015 - Compression

MITREへのリンク →

OilRig

Score: 8.77

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1069.001 - Local Groups
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Windshift

Score: 5.62

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Cobalt Group

Score: 3.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT29

Score: 7.63

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

TA2541

Score: 8.26

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1105 - Ingress Tool Transfer
T1027.015 - Compression

MITREへのリンク →

Earth Lusca

Score: 7.08

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1584.006 - Web Services

MITREへのリンク →

Storm-1811

Score: 16.86

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.004 - Spearphishing Voice
T1667 - Email Bombing
T1656 - Impersonation
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 13.60

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1069.001 - Local Groups
T1584.006 - Web Services
T1105 - Ingress Tool Transfer
T1124 - System Time Discovery

MITREへのリンク →

Wizard Spider

Score: 9.57

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1552.006 - Group Policy Preferences
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Patchwork

Score: 8.15

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1560 - Archive Collected Data
T1105 - Ingress Tool Transfer

MITREへのリンク →

TA505

Score: 3.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer

MITREへのリンク →

LazyScripter

Score: 5.11

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT42

Score: 4.48

Matched TTPs:

T1566.002 - Spearphishing Link
T1656 - Impersonation

MITREへのリンク →

APT39

Score: 3.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT28

Score: 34.14

Matched TTPs:

T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1560 - Archive Collected Data
T1596 - Search Open Technical Databases
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1598 - Phishing for Information
T1498 - Network Denial of Service
T1221 - Template Injection
T1105 - Ingress Tool Transfer
T1137.002 - Office Test
T1003.003 - NTDS

MITREへのリンク →

Star Blizzard

Score: 10.24

Matched TTPs:

T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment
T1593 - Search Open Websites/Domains

MITREへのリンク →

Moonstone Sleet

Score: 17.20

Matched TTPs:

T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1591 - Gather Victim Org Information
T1598 - Phishing for Information
T1105 - Ingress Tool Transfer
T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 12.07

Matched TTPs:

T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1584.006 - Web Services
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dragonfly

Score: 19.66

Matched TTPs:

T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1560 - Archive Collected Data
T1591.002 - Business Relationships
T1598.002 - Spearphishing Attachment
T1221 - Template Injection
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Saint Bear

Score: 5.92

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1656 - Impersonation

MITREへのリンク →

Tropic Trooper

Score: 4.80

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1221 - Template Injection
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN6

Score: 8.33

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1560 - Archive Collected Data
T1003.003 - NTDS
T1566.003 - Spearphishing via Service

MITREへのリンク →

admin@338

Score: 4.03

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1069.001 - Local Groups

MITREへのリンク →

BRONZE BUTLER

Score: 4.24

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer
T1124 - System Time Discovery

MITREへのリンク →

menuPass

Score: 6.58

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1560 - Archive Collected Data
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Threat Group-3390

Score: 8.94

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1608.002 - Upload Tool
T1105 - Ingress Tool Transfer
T1027.015 - Compression

MITREへのリンク →

Gamaredon Group

Score: 13.59

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1534 - Internal Spearphishing
T1221 - Template Injection
T1105 - Ingress Tool Transfer
T1027.015 - Compression

MITREへのリンク →

Darkhotel

Score: 4.24

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer
T1124 - System Time Discovery

MITREへのリンク →

Inception

Score: 4.03

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1221 - Template Injection

MITREへのリンク →

Ajax Security Team

Score: 4.17

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT41

Score: 7.03

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1656 - Impersonation
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

Winter Vivern

Score: 5.27

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1584.006 - Web Services
T1105 - Ingress Tool Transfer

MITREへのリンク →

Higaisa

Score: 10.46

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1001.003 - Protocol or Service Impersonation
T1124 - System Time Discovery
T1027.015 - Compression

MITREへのリンク →

Malteiro

Score: 3.40

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1657 - Financial Theft

MITREへのリンク →

SideCopy

Score: 5.27

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment
T1105 - Ingress Tool Transfer

MITREへのリンク →

Tonto Team

Score: 4.80

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1069.001 - Local Groups
T1105 - Ingress Tool Transfer

MITREへのリンク →

IndigoZebra

Score: 3.66

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1105 - Ingress Tool Transfer

MITREへのリンク →

DarkHydrus

Score: 4.03

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1221 - Template Injection

MITREへのリンク →

The White Company

Score: 3.47

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1124 - System Time Discovery

MITREへのリンク →

Medusa Group

Score: 16.32

Matched TTPs:

T1608.002 - Upload Tool
T1657 - Financial Theft
T1583.006 - Web Services
T1105 - Ingress Tool Transfer
T1003.003 - NTDS
T1218.014 - MMC

MITREへのリンク →

Axiom

Score: 5.88

Matched TTPs:

T1560 - Archive Collected Data
T1566 - Phishing

MITREへのリンク →

BlackByte

Score: 3.37

Matched TTPs:

T1560 - Archive Collected Data
T1105 - Ingress Tool Transfer

MITREへのリンク →

Ke3chang

Score: 5.71

Matched TTPs:

T1560 - Archive Collected Data
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

TeamTNT

Score: 5.31

Matched TTPs:

T1610 - Deploy Container
T1105 - Ingress Tool Transfer

MITREへのリンク →

UNC3886

Score: 6.72

Matched TTPs:

T1681 - Search Threat Vendor Data
T1124 - System Time Discovery

MITREへのリンク →

INC Ransom

Score: 6.59

Matched TTPs:

T1657 - Financial Theft
T1566 - Phishing
T1105 - Ingress Tool Transfer

MITREへのリンク →

Cinnamon Tempest

Score: 3.30

Matched TTPs:

T1657 - Financial Theft
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN13

Score: 5.64

Matched TTPs:

T1657 - Financial Theft
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1657 - Financial Theft
T1566 - Phishing

MITREへのリンク →

Play

Score: 3.30

Matched TTPs:

T1657 - Financial Theft
T1105 - Ingress Tool Transfer

MITREへのリンク →

HAFNIUM

Score: 5.13

Matched TTPs:

T1583.006 - Web Services
T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

HEXANE

Score: 11.17

Matched TTPs:

T1534 - Internal Spearphishing
T1069.001 - Local Groups
T1591.004 - Identify Roles
T1105 - Ingress Tool Transfer

MITREへのリンク →

Chimera

Score: 8.86

Matched TTPs:

T1069.001 - Local Groups
T1105 - Ingress Tool Transfer
T1003.003 - NTDS
T1124 - System Time Discovery

MITREへのリンク →

Sea Turtle

Score: 7.82

Matched TTPs:

T1566 - Phishing
T1608.003 - Install Digital Certificate

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

Fox Kitten

Score: 3.12

Matched TTPs:

T1105 - Ingress Tool Transfer
T1003.003 - NTDS

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.85

Matched TTPs:

T1593.001 - Social Media
T1591 - Gather Victim Org Information
T1566.002 - Spearphishing Link
T1594 - Search Victim-Owned Websites
T1598 - Phishing for Information
T1587 - Develop Capabilities
T1657 - Financial Theft
T1583.006 - Web Services
T1566 - Phishing
T1598.003 - Spearphishing Link
T1534 - Internal Spearphishing
T1596 - Search Open Technical Databases
T1566.001 - Spearphishing Attachment
T1656 - Impersonation
T1589.003 - Employee Names
T1105 - Ingress Tool Transfer
T1593 - Search Open Websites/Domains

MITREへのリンク →

APT28

Score: 0.63

Matched TTPs:

T1591 - Gather Victim Org Information
T1137.002 - Office Test
T1560 - Archive Collected Data
T1221 - Template Injection
T1498 - Network Denial of Service
T1583.006 - Web Services
T1598.003 - Spearphishing Link
T1003.003 - NTDS
T1596 - Search Open Technical Databases
T1566.001 - Spearphishing Attachment
T1105 - Ingress Tool Transfer
T1598 - Phishing for Information

MITREへのリンク →

Scattered Spider

Score: 0.56

Matched TTPs:

T1564.008 - Email Hiding Rules
T1114 - Email Collection
T1657 - Financial Theft
T1598.004 - Spearphishing Voice
T1598.003 - Spearphishing Link
T1003.003 - NTDS
T1538 - Cloud Service Dashboard
T1656 - Impersonation
T1105 - Ingress Tool Transfer
T1598 - Phishing for Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Attacks Against the Mongolian Government

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ