Trusted Design

Indian organizations targeted in Suckfly attacks

概要

In March 2016, Symantec published a blog on Suckfly, an advanced cyberespionage group that conducted attacks against a number of South Korean organizations to steal digital certificates. Since then we have identified a number of attacks over a two-year period, beginning in April 2014, which we attribute to Suckfly. The attacks targeted high-profile targets, including government and commercial organizations. These attacks occurred in several different countries, but our investigation revealed that the primary targets were individuals and organizations primarily located in India. While there have been several Suckfly campaigns that infected organizations with the group’s custom malware Backdoor.Nidiran, the Indian targets show a greater amount of post-infection activity than targets in other regions. This suggests that these attacks were part of a planned operation against specific targets in India.

Created: 2026-02-23

Indicators

類似Pulses

Tick cyberespionage group zeros in on Japan (score: 0.63)
PROOFPOINT 2016-03-01: Operation Transparent Tribe (score: 0.62)
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy (score: 0.60)
Taiwan targeted with new cyberespionage backdoor Trojan (score: 0.60)
Campaign on the Government of Thailand Delivers Bookworm Trojan (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

LAPSUS$

Score: 11.98

Matched TTPs:

T1216.001 - PubPrn
T1193 - Spearphishing Attachment
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship

MITREへのリンク →

Ember Bear

Score: 5.60

Matched TTPs:

T1564.008 - Email Hiding Rules
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Sandworm Team

Score: 21.23

Matched TTPs:

T1564.008 - Email Hiding Rules
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment
T1122 - Component Object Model Hijacking
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1573 - Encrypted Channel

MITREへのリンク →

Salt Typhoon

Score: 6.16

Matched TTPs:

T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

FIN13

Score: 6.16

Matched TTPs:

T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Volt Typhoon

Score: 25.25

Matched TTPs:

T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1164 - Re-opened Applications
T1057 - Process Discovery
T1552.008 - Chat Messages
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1574.002 - DLL Side-Loading

MITREへのリンク →

TA2541

Score: 9.13

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1001 - Data Obfuscation
T1546.017 - Udev Rules

MITREへのリンク →

Earth Lusca

Score: 4.29

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Mustang Panda

Score: 13.39

Matched TTPs:

T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage

MITREへのリンク →

Kimsuky

Score: 21.30

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1152 - Launchctl
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1001 - Data Obfuscation
T1526 - Cloud Service Discovery

MITREへのリンク →

OilRig

Score: 8.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1547.008 - LSASS Driver

MITREへのリンク →

Gamaredon Group

Score: 5.97

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1546.017 - Udev Rules

MITREへのリンク →

Star Blizzard

Score: 6.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1199 - Trusted Relationship

MITREへのリンク →

Threat Group-3390

Score: 19.42

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1001 - Data Obfuscation
T1573 - Encrypted Channel
T1526 - Cloud Service Discovery
T1546.017 - Udev Rules

MITREへのリンク →

BlackByte

Score: 6.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1001 - Data Obfuscation

MITREへのリンク →

Moonstone Sleet

Score: 10.71

Matched TTPs:

T1091 - Replication Through Removable Media
T1057 - Process Discovery
T1573 - Encrypted Channel
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 12.76

Matched TTPs:

T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 10.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1057 - Process Discovery
T1199 - Trusted Relationship
T1573 - Encrypted Channel

MITREへのリンク →

EXOTIC LILY

Score: 9.03

Matched TTPs:

T1091 - Replication Through Removable Media
T1149 - LC_MAIN Hijacking
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 17.02

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1152 - Launchctl
T1057 - Process Discovery
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1146 - Clear Command History

MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.14

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1573 - Encrypted Channel

MITREへのリンク →

BlackTech

Score: 5.47

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

Magic Hound

Score: 4.84

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

Sea Turtle

Score: 9.60

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1685 - Disable or Modify Tools

MITREへのリンク →

menuPass

Score: 8.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

APT29

Score: 7.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

Leviathan

Score: 4.62

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1546.017 - Udev Rules

MITREへのリンク →

UNC3886

Score: 5.60

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management

MITREへのリンク →

Dragonfly

Score: 9.09

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment
T1199 - Trusted Relationship
T1573 - Encrypted Channel

MITREへのリンク →

APT41

Score: 9.38

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1574.002 - DLL Side-Loading

MITREへのリンク →

HAFNIUM

Score: 8.06

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.008 - Chat Messages
T1122 - Component Object Model Hijacking

MITREへのリンク →

APT33

Score: 4.98

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship

MITREへのリンク →

Wizard Spider

Score: 8.13

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

Lazarus Group

Score: 10.79

Matched TTPs:

T1057 - Process Discovery
T1199 - Trusted Relationship
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver

MITREへのリンク →

Indrik Spider

Score: 3.84

Matched TTPs:

T1552.008 - Chat Messages

MITREへのリンク →

POLONIUM

Score: 3.60

Matched TTPs:

T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship

MITREへのリンク →

Storm-1811

Score: 3.37

Matched TTPs:

T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

Scattered Spider

Score: 5.39

Matched TTPs:

T1199 - Trusted Relationship
T1027.002 - Software Packing

MITREへのリンク →

FIN8

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

FIN6

Score: 3.37

Matched TTPs:

T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

Patchwork

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

Cobalt Group

Score: 3.78

Matched TTPs:

T1199 - Trusted Relationship
T1573 - Encrypted Channel

MITREへのリンク →

Gorgon Group

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Higaisa

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.82

Matched TTPs:

T1164 - Re-opened Applications
T1199 - Trusted Relationship
T1552.008 - Chat Messages
T1102.003 - One-Way Communication
T1057 - Process Discovery
T1140 - Deobfuscate/Decode Files or Information
T1553.002 - Code Signing
T1574.002 - DLL Side-Loading

MITREへのリンク →

Sandworm Team

Score: 0.74

Matched TTPs:

T1199 - Trusted Relationship
T1193 - Spearphishing Attachment
T1573 - Encrypted Channel
T1122 - Component Object Model Hijacking
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1140 - Deobfuscate/Decode Files or Information
T1564.008 - Email Hiding Rules

MITREへのリンク →

Kimsuky

Score: 0.71

Matched TTPs:

T1199 - Trusted Relationship
T1152 - Launchctl
T1001 - Data Obfuscation
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1526 - Cloud Service Discovery
T1057 - Process Discovery
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Threat Group-3390

Score: 0.70

Matched TTPs:

T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1001 - Data Obfuscation
T1122 - Component Object Model Hijacking
T1091 - Replication Through Removable Media
T1526 - Cloud Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1546.017 - Udev Rules

MITREへのリンク →

APT28

Score: 0.60

Matched TTPs:

T1199 - Trusted Relationship
T1152 - Launchctl
T1122 - Component Object Model Hijacking
T1146 - Clear Command History
T1057 - Process Discovery
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る