Trusted Design

Indian organizations targeted in Suckfly attacks

概要

In March 2016, Symantec published a blog on Suckfly, an advanced cyberespionage group that conducted attacks against a number of South Korean organizations to steal digital certificates. Since then we have identified a number of attacks over a two-year period, beginning in April 2014, which we attribute to Suckfly. The attacks targeted high-profile targets, including government and commercial organizations. These attacks occurred in several different countries, but our investigation revealed that the primary targets were individuals and organizations primarily located in India. While there have been several Suckfly campaigns that infected organizations with the group’s custom malware Backdoor.Nidiran, the Indian targets show a greater amount of post-infection activity than targets in other regions. This suggests that these attacks were part of a planned operation against specific targets in India.

Created: 2026-02-23

Indicators

類似Pulses

Tick cyberespionage group zeros in on Japan (score: 0.63)
PROOFPOINT 2016-03-01: Operation Transparent Tribe (score: 0.62)
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy (score: 0.60)
Taiwan targeted with new cyberespionage backdoor Trojan (score: 0.60)
Campaign on the Government of Thailand Delivers Bookworm Trojan (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

LAPSUS$

Score: 11.98

Matched TTPs:

T1597.002 - Purchase Technical Data
T1591.002 - Business Relationships
T1199 - Trusted Relationship
T1588.002 - Tool

MITREへのリンク →

Ember Bear

Score: 5.60

Matched TTPs:

T1491.002 - External Defacement
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Sandworm Team

Score: 21.23

Matched TTPs:

T1491.002 - External Defacement
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1591.002 - Business Relationships
T1199 - Trusted Relationship
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Salt Typhoon

Score: 6.16

Matched TTPs:

T1590.004 - Network Topology
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

FIN13

Score: 6.16

Matched TTPs:

T1590.004 - Network Topology
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Volt Typhoon

Score: 25.25

Matched TTPs:

T1590.004 - Network Topology
T1190 - Exploit Public-Facing Application
T1590.006 - Network Security Appliances
T1591 - Gather Victim Org Information
T1590 - Gather Victim Network Information
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1596.005 - Scan Databases

MITREへのリンク →

TA2541

Score: 9.13

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1055.012 - Process Hollowing
T1027.015 - Compression

MITREへのリンク →

Earth Lusca

Score: 4.29

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Mustang Panda

Score: 13.39

Matched TTPs:

T1608.001 - Upload Malware
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Kimsuky

Score: 21.30

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1596 - Search Open Technical Databases
T1591 - Gather Victim Org Information
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1055.012 - Process Hollowing
T1588.003 - Code Signing Certificates

MITREへのリンク →

OilRig

Score: 8.50

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service

MITREへのリンク →

Gamaredon Group

Score: 5.97

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1027.015 - Compression

MITREへのリンク →

Star Blizzard

Score: 6.11

Matched TTPs:

T1608.001 - Upload Malware
T1593 - Search Open Websites/Domains
T1588.002 - Tool

MITREへのリンク →

Threat Group-3390

Score: 19.42

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1588.002 - Tool
T1055.012 - Process Hollowing
T1195.002 - Compromise Software Supply Chain
T1588.003 - Code Signing Certificates
T1027.015 - Compression

MITREへのリンク →

BlackByte

Score: 6.59

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1055.012 - Process Hollowing

MITREへのリンク →

Moonstone Sleet

Score: 10.71

Matched TTPs:

T1608.001 - Upload Malware
T1591 - Gather Victim Org Information
T1195.002 - Compromise Software Supply Chain
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 12.76

Matched TTPs:

T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 10.51

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1591 - Gather Victim Org Information
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

EXOTIC LILY

Score: 9.03

Matched TTPs:

T1608.001 - Upload Malware
T1597 - Search Closed Sources
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT28

Score: 17.02

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1596 - Search Open Technical Databases
T1591 - Gather Victim Org Information
T1199 - Trusted Relationship
T1588.002 - Tool
T1498 - Network Denial of Service

MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.14

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

BlackTech

Score: 5.47

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1588.003 - Code Signing Certificates

MITREへのリンク →

Magic Hound

Score: 4.84

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

Sea Turtle

Score: 9.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1588.002 - Tool
T1608.003 - Install Digital Certificate

MITREへのリンク →

menuPass

Score: 8.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 7.59

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

Leviathan

Score: 4.62

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1027.015 - Compression

MITREへのリンク →

UNC3886

Score: 5.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data

MITREへのリンク →

Dragonfly

Score: 9.09

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1591.002 - Business Relationships
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

APT41

Score: 9.38

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1596.005 - Scan Databases

MITREへのリンク →

HAFNIUM

Score: 8.06

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1590 - Gather Victim Network Information
T1199 - Trusted Relationship

MITREへのリンク →

APT33

Score: 4.98

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.002 - Tool

MITREへのリンク →

Wizard Spider

Score: 8.13

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.002 - Tool
T1588.003 - Code Signing Certificates

MITREへのリンク →

Lazarus Group

Score: 10.79

Matched TTPs:

T1591 - Gather Victim Org Information
T1588.002 - Tool
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 3.84

Matched TTPs:

T1590 - Gather Victim Network Information

MITREへのリンク →

POLONIUM

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1588.002 - Tool

MITREへのリンク →

Storm-1811

Score: 3.37

Matched TTPs:

T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

Scattered Spider

Score: 5.39

Matched TTPs:

T1588.002 - Tool
T1538 - Cloud Service Dashboard

MITREへのリンク →

FIN8

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1588.003 - Code Signing Certificates

MITREへのリンク →

FIN6

Score: 3.37

Matched TTPs:

T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

Patchwork

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

Cobalt Group

Score: 3.78

Matched TTPs:

T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Gorgon Group

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Higaisa

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.82

Matched TTPs:

T1590.006 - Network Security Appliances
T1190 - Exploit Public-Facing Application
T1593 - Search Open Websites/Domains
T1590.004 - Network Topology
T1590 - Gather Victim Network Information
T1591 - Gather Victim Org Information
T1588.002 - Tool
T1596.005 - Scan Databases

MITREへのリンク →

Sandworm Team

Score: 0.74

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1608.001 - Upload Malware
T1491.002 - External Defacement
T1593 - Search Open Websites/Domains
T1199 - Trusted Relationship
T1591.002 - Business Relationships
T1195.002 - Compromise Software Supply Chain
T1588.002 - Tool

MITREへのリンク →

Kimsuky

Score: 0.71

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1608.001 - Upload Malware
T1593 - Search Open Websites/Domains
T1596 - Search Open Technical Databases
T1055.012 - Process Hollowing
T1588.003 - Code Signing Certificates
T1591 - Gather Victim Org Information
T1588.002 - Tool

MITREへのリンク →

Threat Group-3390

Score: 0.70

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1608.001 - Upload Malware
T1199 - Trusted Relationship
T1055.012 - Process Hollowing
T1588.003 - Code Signing Certificates
T1027.015 - Compression
T1195.002 - Compromise Software Supply Chain
T1588.002 - Tool

MITREへのリンク →

APT28

Score: 0.60

Matched TTPs:

T1498 - Network Denial of Service
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1596 - Search Open Technical Databases
T1591 - Gather Victim Org Information
T1588.002 - Tool

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る