Trusted Design

Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal

概要

Over the course of 2016 — and particularly intensifying towards the end of the year — several individuals known to Amnesty International were approached via email and through social media by “Safeena Malik”, seemingly an enthusiastic activist with a strong interest in human rights. What lied beneath this facade was a well-engineered campaign of phishing attacks designed to steal credentials and spy on the activity of dozens of journalists, human rights defenders, trade unions and labour rights activists, many of whom are seemingly involved in the issue of migrants’ rights in Qatar and Nepal.

Created: 2026-02-23

Indicators

類似Pulses

MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.64)
Amnesty International Among Targets of NSO-powered Campaign (score: 0.61)
Attacks Against the Mongolian Government (score: 0.60)
NSO-powered Campaign (score: 0.60)
London Calling: Two-Factor Authentication Phishing From Iran (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 3.83

Matched TTPs:

T1585.001 - Social Media Accounts
T1203 - Exploitation for Client Execution

MITREへのリンク →

Scattered Spider

Score: 10.32

Matched TTPs:

T1585.001 - Social Media Accounts
T1598 - Phishing for Information
T1538 - Cloud Service Dashboard

MITREへのリンク →

Medusa Group

Score: 5.09

Matched TTPs:

T1585.001 - Social Media Accounts
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

EXOTIC LILY

Score: 3.83

Matched TTPs:

T1585.001 - Social Media Accounts
T1203 - Exploitation for Client Execution

MITREへのリンク →

Kimsuky

Score: 14.43

Matched TTPs:

T1585.001 - Social Media Accounts
T1598 - Phishing for Information
T1588.003 - Code Signing Certificates
T1680 - Local Storage Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Leviathan

Score: 3.83

Matched TTPs:

T1585.001 - Social Media Accounts
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lazarus Group

Score: 6.67

Matched TTPs:

T1585.001 - Social Media Accounts
T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

APT32

Score: 6.50

Matched TTPs:

T1585.001 - Social Media Accounts
T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Moonstone Sleet

Score: 5.78

Matched TTPs:

T1585.001 - Social Media Accounts
T1598 - Phishing for Information

MITREへのリンク →

APT28

Score: 9.47

Matched TTPs:

T1203 - Exploitation for Client Execution
T1598 - Phishing for Information
T1498 - Network Denial of Service

MITREへのリンク →

Threat Group-3390

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

APT29

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

BlackTech

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

Patchwork

Score: 4.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

Higaisa

Score: 4.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

Cobalt Group

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Mustang Panda

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Tropic Trooper

Score: 9.74

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1680 - Local Storage Discovery
T1078.003 - Local Accounts

MITREへのリンク →

OilRig

Score: 11.01

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1078.003 - Local Accounts

MITREへのリンク →

FIN8

Score: 5.90

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1588.003 - Code Signing Certificates

MITREへのリンク →

ZIRCONIUM

Score: 3.44

Matched TTPs:

T1598 - Phishing for Information

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Turla

Score: 6.29

Matched TTPs:

T1555.004 - Windows Credential Manager
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 6.77

Matched TTPs:

T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.84

Matched TTPs:

T1680 - Local Storage Discovery
T1078.003 - Local Accounts
T1598 - Phishing for Information
T1585.001 - Social Media Accounts
T1588.003 - Code Signing Certificates

MITREへのリンク →

OilRig

Score: 0.66

Matched TTPs:

T1555.004 - Windows Credential Manager
T1573.002 - Asymmetric Cryptography
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Scattered Spider

Score: 0.60

Matched TTPs:

T1585.001 - Social Media Accounts
T1598 - Phishing for Information
T1538 - Cloud Service Dashboard

MITREへのリンク →

APT28

Score: 0.57

Matched TTPs:

T1203 - Exploitation for Client Execution
T1498 - Network Denial of Service
T1598 - Phishing for Information

MITREへのリンク →

Tropic Trooper

Score: 0.57

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1680 - Local Storage Discovery
T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る