Trusted Design

Operation C-Major actors used Mobile Spyware Against Targets

Summary

Last March, we reported on Operation C-Major, an active information theft campaign that was able to steal sensitive information from high-profile targets in India. The campaign was able to steal large amounts of data despite using relatively simple malware because it used clever social engineering tactics against its targets. In this post, we will focus on the mobile part of their operation and discuss in detail several Android and BlackBerry apps they are using. Based on our investigation, the actors behind Operation C-Major were able to keep their Android malware on Google Play for months, and they advertised their apps on Facebook pages which have thousands of likes from high-profile targets.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 3.62
Matched TTPs:
  • T1114 - Email Collection

Silent Librarian

Score: 6.91
Matched TTPs:
  • T1114 - Email Collection
  • T1594 - Search Victim-Owned Websites

Magic Hound

Score: 14.30
Matched TTPs:
  • T1114 - Email Collection
  • T1087.003 - Email Account
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service

Scattered Spider

Score: 13.02
Matched TTPs:
  • T1114 - Email Collection
  • T1657 - Financial Theft
  • T1538 - Cloud Service Dashboard
  • T1003.003 - NTDS

Kimsuky

Score: 23.91
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1593.002 - Search Engines
  • T1657 - Financial Theft
  • T1591 - Gather Victim Org Information
  • T1593 - Search Open Websites/Domains
  • T1593.001 - Social Media
  • T1588.003 - Code Signing Certificates

Volt Typhoon

Score: 15.82
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1591 - Gather Victim Org Information
  • T1593 - Search Open Websites/Domains
  • T1591.004 - Identify Roles
  • T1003.003 - NTDS

EXOTIC LILY

Score: 9.65
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1593.001 - Social Media
  • T1566.003 - Spearphishing via Service

Sandworm Team

Score: 16.38
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1087.003 - Email Account
  • T1591.002 - Business Relationships
  • T1593 - Search Open Websites/Domains
  • T1003.003 - NTDS

TA578

Score: 3.29
Matched TTPs:
  • T1594 - Search Victim-Owned Websites

TA505

Score: 3.62
Matched TTPs:
  • T1087.003 - Email Account

RedCurl

Score: 3.62
Matched TTPs:
  • T1087.003 - Email Account

UNC3886

Score: 4.13
Matched TTPs:
  • T1681 - Search Threat Vendor Data

Contagious Interview

Score: 19.05
Matched TTPs:
  • T1681 - Search Threat Vendor Data
  • T1657 - Financial Theft
  • T1593 - Search Open Websites/Domains
  • T1593.001 - Social Media
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Dragonfly

Score: 6.19
Matched TTPs:
  • T1591.002 - Business Relationships
  • T1003.003 - NTDS

LAPSUS$

Score: 9.81
Matched TTPs:
  • T1591.002 - Business Relationships
  • T1591.004 - Identify Roles
  • T1003.003 - NTDS

APT29

Score: 6.37
Matched TTPs:
  • T1550.003 - Pass the Ticket
  • T1566.003 - Spearphishing via Service

APT32

Score: 6.59
Matched TTPs:
  • T1550.003 - Pass the Ticket
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

BRONZE BUTLER

Score: 3.84
Matched TTPs:
  • T1550.003 - Pass the Ticket

FIN13

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1003.003 - NTDS

Medusa Group

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1003.003 - NTDS

APT28

Score: 5.63
Matched TTPs:
  • T1591 - Gather Victim Org Information
  • T1003.003 - NTDS

Lazarus Group

Score: 12.69
Matched TTPs:
  • T1591 - Gather Victim Org Information
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Moonstone Sleet

Score: 5.81
Matched TTPs:
  • T1591 - Gather Victim Org Information
  • T1566.003 - Spearphishing via Service

FIN7

Score: 6.91
Matched TTPs:
  • T1591 - Gather Victim Org Information
  • T1591.004 - Identify Roles

Mustang Panda

Score: 15.66
Matched TTPs:
  • T1593 - Search Open Websites/Domains
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Star Blizzard

Score: 3.29
Matched TTPs:
  • T1593 - Search Open Websites/Domains

OilRig

Score: 12.96
Matched TTPs:
  • T1137.004 - Outlook Home Page
  • T1588.003 - Code Signing Certificates
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

HEXANE

Score: 3.62
Matched TTPs:
  • T1591.004 - Identify Roles

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

APT38

Score: 4.54
Matched TTPs:
  • T1036.006 - Space after Filename

Wizard Spider

Score: 8.24
Matched TTPs:
  • T1588.003 - Code Signing Certificates
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

BlackTech

Score: 3.15
Matched TTPs:
  • T1588.003 - Code Signing Certificates

FIN8

Score: 5.90
Matched TTPs:
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Threat Group-3390

Score: 6.30
Matched TTPs:
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression

FIN6

Score: 7.61
Matched TTPs:
  • T1003.003 - NTDS
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Axiom

Score: 4.54
Matched TTPs:
  • T1001.002 - Steganography

Molerats

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Gamaredon Group

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Higaisa

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

TA2541

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Mofang

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Leviathan

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.82
Matched TTPs:
  • T1593.002 - Search Engines
  • T1593.001 - Social Media
  • T1594 - Search Victim-Owned Websites
  • T1593 - Search Open Websites/Domains
  • T1588.003 - Code Signing Certificates
  • T1657 - Financial Theft
  • T1591 - Gather Victim Org Information

Contagious Interview

Score: 0.63
Matched TTPs:
  • T1593.001 - Social Media
  • T1593 - Search Open Websites/Domains
  • T1566.003 - Spearphishing via Service
  • T1657 - Financial Theft
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1681 - Search Threat Vendor Data

Volt Typhoon

Score: 0.58
Matched TTPs:
  • T1591.004 - Identify Roles
  • T1594 - Search Victim-Owned Websites
  • T1593 - Search Open Websites/Domains
  • T1591 - Gather Victim Org Information
  • T1003.003 - NTDS

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1591.002 - Business Relationships
  • T1594 - Search Victim-Owned Websites
  • T1593 - Search Open Websites/Domains
  • T1087.003 - Email Account
  • T1003.003 - NTDS

Mustang Panda

Score: 0.57
Matched TTPs:
  • T1593 - Search Open Websites/Domains
  • T1027.007 - Dynamic API Resolution
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1003.003 - NTDS

Related CVEs

No CVEs were found for this Pulse.
