Trusted Design

Threat Spotlight: Group 72 Opening the ZxShell (2014)

概要

Recently, there was a blog post on the takedown of a botnet used by threat actor group known as Group 72 and their involvement in Operation SMN. This group is sophisticated, well funded, and exclusively targets high profile organizations with high value intellectual property in the manufacturing, industrial, aerospace, defense, and media sector. The primary attack vectors are watering-hole, spear phishing, and other web-based attacks.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

New Attacks Linked to C0d0s0 Group (score: 0.66)
Threat Group-3390 Targets Organizations for Cyberespionage (score: 0.66)
SPEAR: A Threat Actor Resurfaces (score: 0.65)
Targets Middle Eastern Telecommunications Companies (score: 0.62)
Callisto Group (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

LAPSUS$

Score: 14.75

Matched TTPs:

T1216.001 - PubPrn
T1193 - Spearphishing Attachment
T1122 - Component Object Model Hijacking
T1065 - Uncommonly Used Port

MITREへのリンク →

Ember Bear

Score: 4.13

Matched TTPs:

T1564.008 - Email Hiding Rules

MITREへのリンク →

Sandworm Team

Score: 25.71

Matched TTPs:

T1564.008 - Email Hiding Rules
T1114 - Email Collection
T1566.002 - Spearphishing Link
T1193 - Spearphishing Attachment
T1049 - System Network Connections Discovery
T1122 - Component Object Model Hijacking
T1102.003 - One-Way Communication
T1565 - Data Manipulation

MITREへのリンク →

Silent Librarian

Score: 5.74

Matched TTPs:

T1114 - Email Collection
T1566.002 - Spearphishing Link

MITREへのリンク →

Kimsuky

Score: 23.95

Matched TTPs:

T1114 - Email Collection
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1565 - Data Manipulation
T1690 - Prevent Command History Logging
T1197 - BITS Jobs

MITREへのリンク →

Volt Typhoon

Score: 17.10

Matched TTPs:

T1114 - Email Collection
T1049 - System Network Connections Discovery
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1065 - Uncommonly Used Port

MITREへのリンク →

EXOTIC LILY

Score: 11.99

Matched TTPs:

T1114 - Email Collection
T1565 - Data Manipulation
T1690 - Prevent Command History Logging
T1547.008 - LSASS Driver

MITREへのリンク →

TA578

Score: 5.30

Matched TTPs:

T1114 - Email Collection
T1608.005 - Link Target

MITREへのリンク →

Scattered Spider

Score: 8.24

Matched TTPs:

T1566.002 - Spearphishing Link
T1565 - Data Manipulation
T1197 - BITS Jobs

MITREへのリンク →

Mustang Panda

Score: 11.89

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1055.005 - Thread Local Storage

MITREへのリンク →

ZIRCONIUM

Score: 7.91

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1197 - BITS Jobs

MITREへのリンク →

APT32

Score: 6.81

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1565 - Data Manipulation

MITREへのリンク →

Magic Hound

Score: 9.33

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 18.48

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1057 - Process Discovery
T1122 - Component Object Model Hijacking
T1197 - BITS Jobs
T1146 - Clear Command History

MITREへのリンク →

Star Blizzard

Score: 8.08

Matched TTPs:

T1566.002 - Spearphishing Link
T1102.003 - One-Way Communication
T1565 - Data Manipulation

MITREへのリンク →

Moonstone Sleet

Score: 14.05

Matched TTPs:

T1566.002 - Spearphishing Link
T1057 - Process Discovery
T1565 - Data Manipulation
T1197 - BITS Jobs
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 10.94

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.001 - Compiled HTML File
T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 6.30

Matched TTPs:

T1566.002 - Spearphishing Link
T1193 - Spearphishing Attachment

MITREへのリンク →

UNC3886

Score: 8.26

Matched TTPs:

T1021.006 - Windows Remote Management
T1547.015 - Login Items

MITREへのリンク →

Contagious Interview

Score: 18.14

Matched TTPs:

T1021.006 - Windows Remote Management
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1565 - Data Manipulation
T1690 - Prevent Command History Logging
T1547.008 - LSASS Driver

MITREへのリンク →

HAFNIUM

Score: 8.38

Matched TTPs:

T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1122 - Component Object Model Hijacking

MITREへのリンク →

Axiom

Score: 8.16

Matched TTPs:

T1049 - System Network Connections Discovery
T1160 - Launch Daemon

MITREへのリンク →

PROMETHIUM

Score: 4.13

Matched TTPs:

T1547.015 - Login Items

MITREへのリンク →

Earth Lusca

Score: 5.63

Matched TTPs:

T1608.005 - Link Target
T1218.001 - Compiled HTML File

MITREへのリンク →

Medusa Group

Score: 7.10

Matched TTPs:

T1608.005 - Link Target
T1565 - Data Manipulation
T1128 - Netsh Helper DLL

MITREへのリンク →

Turla

Score: 5.63

Matched TTPs:

T1608.005 - Link Target
T1218.001 - Compiled HTML File

MITREへのリンク →

APT29

Score: 7.28

Matched TTPs:

T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 8.92

Matched TTPs:

T1608.005 - Link Target
T1057 - Process Discovery
T1065 - Uncommonly Used Port

MITREへのリンク →

Lazarus Group

Score: 14.29

Matched TTPs:

T1608.005 - Link Target
T1057 - Process Discovery
T1565 - Data Manipulation
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver

MITREへのリンク →

Gamaredon Group

Score: 5.16

Matched TTPs:

T1608.005 - Link Target
T1546.017 - Udev Rules

MITREへのリンク →

POLONIUM

Score: 4.76

Matched TTPs:

T1608.005 - Link Target
T1122 - Component Object Model Hijacking

MITREへのリンク →

TA2541

Score: 7.91

Matched TTPs:

T1608.005 - Link Target
T1128 - Netsh Helper DLL
T1546.017 - Udev Rules

MITREへのリンク →

APT33

Score: 4.13

Matched TTPs:

T1567.001 - Exfiltration to Code Repository

MITREへのリンク →

Wizard Spider

Score: 4.13

Matched TTPs:

T1567.001 - Exfiltration to Code Repository

MITREへのリンク →

Threat Group-3390

Score: 5.90

Matched TTPs:

T1122 - Component Object Model Hijacking
T1546.017 - Udev Rules

MITREへのリンク →

RedCurl

Score: 5.49

Matched TTPs:

T1122 - Component Object Model Hijacking
T1128 - Netsh Helper DLL

MITREへのリンク →

Winter Vivern

Score: 3.62

Matched TTPs:

T1218.001 - Compiled HTML File

MITREへのリンク →

HEXANE

Score: 5.96

Matched TTPs:

T1565 - Data Manipulation
T1065 - Uncommonly Used Port

MITREへのリンク →

Leviathan

Score: 5.49

Matched TTPs:

T1565 - Data Manipulation
T1546.017 - Udev Rules

MITREへのリンク →

Storm-1811

Score: 7.06

Matched TTPs:

T1567.003 - Exfiltration to Text Storage Sites
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 5.27

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Higaisa

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.85

Matched TTPs:

T1122 - Component Object Model Hijacking
T1102.003 - One-Way Communication
T1566.002 - Spearphishing Link
T1565 - Data Manipulation
T1193 - Spearphishing Attachment
T1114 - Email Collection
T1049 - System Network Connections Discovery
T1564.008 - Email Hiding Rules

MITREへのリンク →

Kimsuky

Score: 0.80

Matched TTPs:

T1197 - BITS Jobs
T1690 - Prevent Command History Logging
T1102.003 - One-Way Communication
T1566.002 - Spearphishing Link
T1057 - Process Discovery
T1565 - Data Manipulation
T1114 - Email Collection
T1608.005 - Link Target

MITREへのリンク →

APT28

Score: 0.65

Matched TTPs:

T1122 - Component Object Model Hijacking
T1197 - BITS Jobs
T1566.002 - Spearphishing Link
T1057 - Process Discovery
T1608.005 - Link Target
T1146 - Clear Command History

MITREへのリンク →

Contagious Interview

Score: 0.61

Matched TTPs:

T1690 - Prevent Command History Logging
T1565 - Data Manipulation
T1102.003 - One-Way Communication
T1608.005 - Link Target
T1547.008 - LSASS Driver
T1021.006 - Windows Remote Management

MITREへのリンク →

Volt Typhoon

Score: 0.59

Matched TTPs:

T1102.003 - One-Way Communication
T1057 - Process Discovery
T1114 - Email Collection
T1049 - System Network Connections Discovery
T1065 - Uncommonly Used Port

MITREへのリンク →

Lazarus Group

Score: 0.56

Matched TTPs:

T1055.005 - Thread Local Storage
T1565 - Data Manipulation
T1057 - Process Discovery
T1608.005 - Link Target
T1547.008 - LSASS Driver

MITREへのリンク →

LAPSUS$

Score: 0.55

Matched TTPs:

T1122 - Component Object Model Hijacking
T1216.001 - PubPrn
T1193 - Spearphishing Attachment
T1065 - Uncommonly Used Port

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る