Pulse Detail-

Targets Middle Eastern Telecommunications Companies

概要

Targets Middle Eastern Telecommunications Companies esearchers observed additional activity associated with suspected Iran-based Threat Group-2889[1] (TG-2889) that confirms prior analysis of the group's use of LinkedIn to target victims and its interest in Middle Eastern telecommunications companies. CTU(TM) researchers also uncovered the use of a remote access trojan (RAT) called Helminth that has similarities to other tools used by TG-2889. CTU researchers assess with high confidence that TG-2889 is associated with Iranian government-directed cyber operations. Although the observed activity does not appear to target Western organizations, SecureWorks clients should review the group's tactics, techniques, and procedures (TTPs) and implement defenses against these types of attacks.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Targeted Attack Distributes PlugX in Russia (score: 0.71)
Threat Group-3390 Targets Organizations for Cyberespionage (score: 0.67)
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy (score: 0.66)
OilRig Deploys ALMA Communicator – DNS Tunneling Trojan (score: 0.65)
NetTraveler APT Targets Russian, European Interests (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 40.99

Matched TTPs:

T1033 - System Owner/User Discovery
T1053.007 - Container Orchestration Job
T1114 - Email Collection
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1562.013 - Disable or Modify Network Device Firewall
T1027.014 - Polymorphic Code
T1690 - Prevent Command History Logging
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Sea Turtle

Score: 9.07

Matched TTPs:

T1033 - System Owner/User Discovery
T1122 - Component Object Model Hijacking
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Ember Bear

Score: 9.76

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1550 - Use Alternate Authentication Material

MITREへのリンク →

Indrik Spider

Score: 9.30

Matched TTPs:

T1033 - System Owner/User Discovery
T1552.008 - Chat Messages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Agrius

Score: 4.68

Matched TTPs:

T1033 - System Owner/User Discovery
T1622 - Debugger Evasion

MITREへのリンク →

Contagious Interview

Score: 24.73

Matched TTPs:

T1033 - System Owner/User Discovery
T1044 - File System Permissions Weakness
T1021.006 - Windows Remote Management
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Sandworm Team

Score: 31.17

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1114 - Email Collection
T1566.002 - Spearphishing Link
T1193 - Spearphishing Attachment
T1122 - Component Object Model Hijacking
T1102.003 - One-Way Communication
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Star Blizzard

Score: 12.40

Matched TTPs:

T1033 - System Owner/User Discovery
T1566.002 - Spearphishing Link
T1657 - Financial Theft
T1102.003 - One-Way Communication

MITREへのリンク →

Volt Typhoon

Score: 40.42

Matched TTPs:

T1148 - HISTCONTROL
T1685.001 - Disable or Modify Windows Event Log
T1114 - Email Collection
T1553.002 - Code Signing
T1164 - Re-opened Applications
T1057 - Process Discovery
T1552.008 - Chat Messages
T1102.003 - One-Way Communication
T1065 - Uncommonly Used Port
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1574.002 - DLL Side-Loading

MITREへのリンク →

LAPSUS$

Score: 18.88

Matched TTPs:

T1216.001 - PubPrn
T1019 - System Firmware
T1193 - Spearphishing Attachment
T1122 - Component Object Model Hijacking
T1065 - Uncommonly Used Port

MITREへのリンク →

Andariel

Score: 8.47

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1187 - Forced Authentication
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Magic Hound

Score: 25.40

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1098.002 - Additional Email Delegate Permissions
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

HAFNIUM

Score: 17.76

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1059 - Command and Scripting Interpreter
T1608.005 - Link Target
T1552.008 - Chat Messages
T1122 - Component Object Model Hijacking
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Mustang Panda

Score: 22.70

Matched TTPs:

T1053.007 - Container Orchestration Job
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1169 - Sudo
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode

MITREへのリンク →

APT28

Score: 38.30

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1139 - Bash History
T1550 - Use Alternate Authentication Material
T1608.005 - Link Target
T1057 - Process Discovery
T1122 - Component Object Model Hijacking
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1146 - Clear Command History
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1546.007 - Netsh Helper DLL

MITREへのリンク →

ZIRCONIUM

Score: 16.07

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Leviathan

Score: 12.74

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1550 - Use Alternate Authentication Material
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustard Tempest

Score: 11.21

Matched TTPs:

T1682 - Query Public AI Services
T1543.002 - Systemd Service
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Silent Librarian

Score: 5.74

Matched TTPs:

T1114 - Email Collection
T1566.002 - Spearphishing Link

MITREへのリンク →

EXOTIC LILY

Score: 15.55

Matched TTPs:

T1114 - Email Collection
T1149 - LC_MAIN Hijacking
T1690 - Prevent Command History Logging
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

TA578

Score: 6.66

Matched TTPs:

T1114 - Email Collection
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Sidewinder

Score: 8.22

Matched TTPs:

T1566.002 - Spearphishing Link
T1657 - Financial Theft
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Scattered Spider

Score: 21.13

Matched TTPs:

T1566.002 - Spearphishing Link
T1019 - System Firmware
T1197 - BITS Jobs
T1090.004 - Domain Fronting
T1027.002 - Software Packing
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

APT32

Score: 11.95

Matched TTPs:

T1566.002 - Spearphishing Link
T1550 - Use Alternate Authentication Material
T1608.005 - Link Target
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Moonstone Sleet

Score: 12.48

Matched TTPs:

T1566.002 - Spearphishing Link
T1057 - Process Discovery
T1197 - BITS Jobs
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 8.60

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.001 - Compiled HTML File
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 14.94

Matched TTPs:

T1566.002 - Spearphishing Link
T1550 - Use Alternate Authentication Material
T1193 - Spearphishing Attachment
T1657 - Financial Theft
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Patchwork

Score: 8.83

Matched TTPs:

T1566.002 - Spearphishing Link
T1550 - Use Alternate Authentication Material
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1553.002 - Code Signing

MITREへのリンク →

FIN13

Score: 6.27

Matched TTPs:

T1553.002 - Code Signing
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Medusa Group

Score: 8.57

Matched TTPs:

T1218.003 - CMSTP
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Threat Group-3390

Score: 7.66

Matched TTPs:

T1218.003 - CMSTP
T1122 - Component Object Model Hijacking
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Axiom

Score: 12.06

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1562.013 - Disable or Modify Network Device Firewall
T1622 - Debugger Evasion
T1160 - Launch Daemon

MITREへのリンク →

BlackByte

Score: 5.02

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Lazarus Group

Score: 22.81

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1608.005 - Link Target
T1057 - Process Discovery
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1622 - Debugger Evasion
T1055.015 - ListPlanting
T1547.008 - LSASS Driver

MITREへのリンク →

FIN6

Score: 6.76

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1622 - Debugger Evasion
T1547.008 - LSASS Driver

MITREへのリンク →

LuminousMoth

Score: 4.73

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Ke3chang

Score: 3.37

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1547.013 - XDG Autostart Entries

MITREへのリンク →

menuPass

Score: 7.76

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1122 - Component Object Model Hijacking
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

UNC3886

Score: 7.57

Matched TTPs:

T1021.006 - Windows Remote Management
T1055.015 - ListPlanting

MITREへのリンク →

Earth Lusca

Score: 6.99

Matched TTPs:

T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1027.018 - Invisible Unicode

MITREへのリンク →

Turla

Score: 10.17

Matched TTPs:

T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

MuddyWater

Score: 6.55

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

APT29

Score: 9.42

Matched TTPs:

T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 18.54

Matched TTPs:

T1608.005 - Link Target
T1057 - Process Discovery
T1547.002 - Authentication Package
T1065 - Uncommonly Used Port
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1055.015 - ListPlanting

MITREへのリンク →

Confucius

Score: 4.15

Matched TTPs:

T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Gamaredon Group

Score: 6.55

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Saint Bear

Score: 3.37

Matched TTPs:

T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

POLONIUM

Score: 7.16

Matched TTPs:

T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1547.002 - Authentication Package

MITREへのリンク →

TA2541

Score: 4.15

Matched TTPs:

T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

LazyScripter

Score: 4.15

Matched TTPs:

T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

SideCopy

Score: 4.40

Matched TTPs:

T1657 - Financial Theft
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT33

Score: 6.27

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Wizard Spider

Score: 7.92

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

GOLD SOUTHFIELD

Score: 6.03

Matched TTPs:

T1122 - Component Object Model Hijacking
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

RedCurl

Score: 4.11

Matched TTPs:

T1122 - Component Object Model Hijacking
T1027.018 - Invisible Unicode

MITREへのリンク →

INC Ransom

Score: 5.71

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

AppleJeus

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Winter Vivern

Score: 5.76

Matched TTPs:

T1218.001 - Compiled HTML File
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

TA551

Score: 3.52

Matched TTPs:

T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Cobalt Group

Score: 6.53

Matched TTPs:

T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Storm-0501

Score: 6.88

Matched TTPs:

T1027.014 - Polymorphic Code
T1090.004 - Domain Fronting

MITREへのリンク →

Blue Mockingbird

Score: 4.39

Matched TTPs:

T1027.014 - Polymorphic Code
T1622 - Debugger Evasion

MITREへのリンク →

WIRTE

Score: 3.52

Matched TTPs:

T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-1811

Score: 7.84

Matched TTPs:

T1486 - Data Encrypted for Impact
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

APT37

Score: 3.17

Matched TTPs:

T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT39

Score: 6.18

Matched TTPs:

T1547.002 - Authentication Package
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

HEXANE

Score: 8.44

Matched TTPs:

T1547.002 - Authentication Package
T1065 - Uncommonly Used Port
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

OilRig

Score: 9.75

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1055.015 - ListPlanting
T1547.008 - LSASS Driver

MITREへのリンク →

APT41

Score: 10.00

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1574.002 - DLL Side-Loading
T1055.015 - ListPlanting

MITREへのリンク →

FIN8

Score: 3.78

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Windshift

Score: 4.66

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Ajax Security Team

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

APT3

Score: 3.78

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.84

Matched TTPs:

T1057 - Process Discovery
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1033 - System Owner/User Discovery
T1566.002 - Spearphishing Link
T1562.013 - Disable or Modify Network Device Firewall
T1547.013 - XDG Autostart Entries
T1053.007 - Container Orchestration Job
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1114 - Email Collection
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1027.014 - Polymorphic Code
T1608.005 - Link Target

MITREへのリンク →

Volt Typhoon

Score: 0.83

Matched TTPs:

T1164 - Re-opened Applications
T1057 - Process Discovery
T1685.001 - Disable or Modify Windows Event Log
T1553.002 - Code Signing
T1547.013 - XDG Autostart Entries
T1552.008 - Chat Messages
T1065 - Uncommonly Used Port
T1622 - Debugger Evasion
T1574.002 - DLL Side-Loading
T1148 - HISTCONTROL
T1114 - Email Collection
T1102.003 - One-Way Communication

MITREへのリンク →

APT28

Score: 0.80

Matched TTPs:

T1057 - Process Discovery
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1547.013 - XDG Autostart Entries
T1122 - Component Object Model Hijacking
T1550 - Use Alternate Authentication Material
T1027.018 - Invisible Unicode
T1546.007 - Netsh Helper DLL
T1146 - Clear Command History
T1608.005 - Link Target
T1139 - Bash History

MITREへのリンク →

Sandworm Team

Score: 0.69

Matched TTPs:

T1187 - Forced Authentication
T1547.002 - Authentication Package
T1033 - System Owner/User Discovery
T1566.002 - Spearphishing Link
T1547.013 - XDG Autostart Entries
T1564.008 - Email Hiding Rules
T1193 - Spearphishing Attachment
T1122 - Component Object Model Hijacking
T1027.018 - Invisible Unicode
T1114 - Email Collection
T1102.003 - One-Way Communication

MITREへのリンク →

Magic Hound

Score: 0.60

Matched TTPs:

T1187 - Forced Authentication
T1547.002 - Authentication Package
T1098.002 - Additional Email Delegate Permissions
T1566.002 - Spearphishing Link
T1171 - LLMNR/NBT-NS Poisoning and Relay
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1622 - Debugger Evasion
T1608.005 - Link Target
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 0.55

Matched TTPs:

T1102.003 - One-Way Communication
T1033 - System Owner/User Discovery
T1044 - File System Permissions Weakness
T1027.018 - Invisible Unicode
T1021.006 - Windows Remote Management
T1690 - Prevent Command History Logging
T1608.005 - Link Target
T1547.008 - LSASS Driver

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Targets Middle Eastern Telecommunications Companies

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ