Trusted Design

Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal

概要

Over the course of 2016 — and particularly intensifying towards the end of the year — several individuals known to Amnesty International were approached via email and through social media by “Safeena Malik”, seemingly an enthusiastic activist with a strong interest in human rights. What lied beneath this facade was a well-engineered campaign of phishing attacks designed to steal credentials and spy on the activity of dozens of journalists, human rights defenders, trade unions and labour rights activists, many of whom are seemingly involved in the issue of migrants’ rights in Qatar and Nepal.

Created: 2026-02-23

Indicators

類似Pulses

MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.64)
Amnesty International Among Targets of NSO-powered Campaign (score: 0.61)
Attacks Against the Mongolian Government (score: 0.60)
NSO-powered Campaign (score: 0.60)
London Calling: Two-Factor Authentication Phishing From Iran (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 3.83

Matched TTPs:

T1565 - Data Manipulation
T1218.010 - Regsvr32

MITREへのリンク →

Scattered Spider

Score: 10.32

Matched TTPs:

T1565 - Data Manipulation
T1197 - BITS Jobs
T1027.002 - Software Packing

MITREへのリンク →

Medusa Group

Score: 5.09

Matched TTPs:

T1565 - Data Manipulation
T1128 - Netsh Helper DLL

MITREへのリンク →

EXOTIC LILY

Score: 3.83

Matched TTPs:

T1565 - Data Manipulation
T1218.010 - Regsvr32

MITREへのリンク →

Kimsuky

Score: 14.43

Matched TTPs:

T1565 - Data Manipulation
T1197 - BITS Jobs
T1526 - Cloud Service Discovery
T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

Leviathan

Score: 3.83

Matched TTPs:

T1565 - Data Manipulation
T1218.010 - Regsvr32

MITREへのリンク →

Lazarus Group

Score: 6.67

Matched TTPs:

T1565 - Data Manipulation
T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

APT32

Score: 6.50

Matched TTPs:

T1565 - Data Manipulation
T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

Moonstone Sleet

Score: 5.78

Matched TTPs:

T1565 - Data Manipulation
T1197 - BITS Jobs

MITREへのリンク →

APT28

Score: 9.47

Matched TTPs:

T1218.010 - Regsvr32
T1197 - BITS Jobs
T1146 - Clear Command History

MITREへのリンク →

Threat Group-3390

Score: 4.65

Matched TTPs:

T1218.010 - Regsvr32
T1526 - Cloud Service Discovery

MITREへのリンク →

APT29

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

BlackTech

Score: 4.65

Matched TTPs:

T1218.010 - Regsvr32
T1526 - Cloud Service Discovery

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Patchwork

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Higaisa

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Cobalt Group

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

Mustang Panda

Score: 4.65

Matched TTPs:

T1218.010 - Regsvr32
T1526 - Cloud Service Discovery

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

Tropic Trooper

Score: 9.74

Matched TTPs:

T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

OilRig

Score: 11.01

Matched TTPs:

T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies
T1526 - Cloud Service Discovery

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN8

Score: 5.90

Matched TTPs:

T1128 - Netsh Helper DLL
T1526 - Cloud Service Discovery

MITREへのリンク →

ZIRCONIUM

Score: 3.44

Matched TTPs:

T1197 - BITS Jobs

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Turla

Score: 6.29

Matched TTPs:

T1556.009 - Conditional Access Policies
T1490 - Inhibit System Recovery

MITREへのリンク →

Wizard Spider

Score: 6.77

Matched TTPs:

T1556.009 - Conditional Access Policies
T1526 - Cloud Service Discovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.84

Matched TTPs:

T1490 - Inhibit System Recovery
T1665 - Hide Infrastructure
T1565 - Data Manipulation
T1526 - Cloud Service Discovery
T1197 - BITS Jobs

MITREへのリンク →

OilRig

Score: 0.66

Matched TTPs:

T1218.010 - Regsvr32
T1556.009 - Conditional Access Policies
T1526 - Cloud Service Discovery
T1128 - Netsh Helper DLL

MITREへのリンク →

Scattered Spider

Score: 0.60

Matched TTPs:

T1197 - BITS Jobs
T1027.002 - Software Packing
T1565 - Data Manipulation

MITREへのリンク →

APT28

Score: 0.57

Matched TTPs:

T1197 - BITS Jobs
T1218.010 - Regsvr32
T1146 - Clear Command History

MITREへのリンク →

Tropic Trooper

Score: 0.57

Matched TTPs:

T1490 - Inhibit System Recovery
T1218.010 - Regsvr32
T1665 - Hide Infrastructure
T1128 - Netsh Helper DLL

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る