Trusted Design

Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware - The Citizen Lab

概要

Over 76 messages with links to NSO Group’s exploit framework were sent to Mexican journalists, lawyers, and a minor child (NSO Group is a self-described “cyber warfare” company that sells government-exclusive spyware). The targets were working on a range of issues that include investigations of corruption by the Mexican President, and the participation of Mexico’s Federal authorities in human rights abuses. Some of the messages impersonated the Embassy of the United States of America to Mexico, others masqueraded as emergency AMBER Alerts about abducted children. At least one target, the minor child of a target, was sent infection attempts, including a communication impersonating the United States Government, while physically located in the United States.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware (score: 0.90)
Investigation Into Mexican Mass Disappearance Targeted with NSO Spyware (score: 0.81)
Lawyers For Murdered Mexican Women’s Families Targeted with NSO Spyware (score: 0.77)
Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links (score: 0.72)
Mexican Journalists targeted with NSO Group Malware (score: 0.71)

このPulseに関連する脅威アクター (事実ベース)

LAPSUS$

Score: 8.38

Matched TTPs:

T1597.002 - Purchase Technical Data
T1591.002 - Business Relationships

MITREへのリンク →

Confucius

Score: 5.64

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1680 - Local Storage Discovery

MITREへのリンク →

Kimsuky

Score: 26.45

Matched TTPs:

T1566.002 - Spearphishing Link
T1591 - Gather Victim Org Information
T1593.001 - Social Media
T1598 - Phishing for Information
T1585 - Establish Accounts
T1204.001 - Malicious Link
T1680 - Local Storage Discovery
T1588.005 - Exploits
T1078.003 - Local Accounts

MITREへのリンク →

FIN7

Score: 12.20

Matched TTPs:

T1566.002 - Spearphishing Link
T1591 - Gather Victim Org Information
T1204.001 - Malicious Link
T1008 - Fallback Channels
T1078.003 - Local Accounts

MITREへのリンク →

Sandworm Team

Score: 6.65

Matched TTPs:

T1566.002 - Spearphishing Link
T1591.002 - Business Relationships
T1204.001 - Malicious Link

MITREへのリンク →

Mustang Panda

Score: 10.78

Matched TTPs:

T1566.002 - Spearphishing Link
T1001.003 - Protocol or Service Impersonation
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link

MITREへのリンク →

APT32

Score: 5.47

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1078.003 - Local Accounts

MITREへのリンク →

Lazarus Group

Score: 21.51

Matched TTPs:

T1566.002 - Spearphishing Link
T1591 - Gather Victim Org Information
T1001.003 - Protocol or Service Impersonation
T1027.007 - Dynamic API Resolution
T1008 - Fallback Channels
T1680 - Local Storage Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT33

Score: 6.94

Matched TTPs:

T1566.002 - Spearphishing Link
T1552.006 - Group Policy Preferences
T1204.001 - Malicious Link

MITREへのリンク →

ZIRCONIUM

Score: 6.25

Matched TTPs:

T1566.002 - Spearphishing Link
T1598 - Phishing for Information
T1204.001 - Malicious Link

MITREへのリンク →

EXOTIC LILY

Score: 9.17

Matched TTPs:

T1566.002 - Spearphishing Link
T1593.001 - Social Media
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Magic Hound

Score: 9.87

Matched TTPs:

T1566.002 - Spearphishing Link
T1591.001 - Determine Physical Locations
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

OilRig

Score: 8.77

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1008 - Fallback Channels
T1566.003 - Spearphishing via Service

MITREへのリンク →

Windshift

Score: 5.33

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 8.00

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

Storm-1811

Score: 3.97

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 5.47

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 6.94

Matched TTPs:

T1566.002 - Spearphishing Link
T1552.006 - Group Policy Preferences
T1204.001 - Malicious Link

MITREへのリンク →

Patchwork

Score: 5.64

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1680 - Local Storage Discovery

MITREへのリンク →

Fox Kitten

Score: 6.72

Matched TTPs:

T1217 - Browser Information Discovery
T1585 - Establish Accounts

MITREへのリンク →

Volt Typhoon

Score: 13.54

Matched TTPs:

T1217 - Browser Information Discovery
T1591 - Gather Victim Org Information
T1614 - System Location Discovery
T1680 - Local Storage Discovery

MITREへのリンク →

APT38

Score: 4.65

Matched TTPs:

T1217 - Browser Information Discovery
T1204.001 - Malicious Link

MITREへのリンク →

Scattered Spider

Score: 6.72

Matched TTPs:

T1217 - Browser Information Discovery
T1598 - Phishing for Information

MITREへのリンク →

Moonstone Sleet

Score: 12.53

Matched TTPs:

T1217 - Browser Information Discovery
T1591 - Gather Victim Org Information
T1598 - Phishing for Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

Chimera

Score: 6.12

Matched TTPs:

T1217 - Browser Information Discovery
T1680 - Local Storage Discovery

MITREへのリンク →

UNC3886

Score: 7.57

Matched TTPs:

T1681 - Search Threat Vendor Data
T1008 - Fallback Channels

MITREへのリンク →

Contagious Interview

Score: 15.30

Matched TTPs:

T1681 - Search Threat Vendor Data
T1593.001 - Social Media
T1585 - Establish Accounts
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dragonfly

Score: 3.84

Matched TTPs:

T1591.002 - Business Relationships

MITREへのリンク →

APT28

Score: 8.08

Matched TTPs:

T1591 - Gather Victim Org Information
T1598 - Phishing for Information
T1204.001 - Malicious Link

MITREへのリンク →

Higaisa

Score: 6.68

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1680 - Local Storage Discovery

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1614 - System Location Discovery

MITREへのリンク →

Ember Bear

Score: 7.57

Matched TTPs:

T1585 - Establish Accounts
T1588.005 - Exploits

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1585 - Establish Accounts

MITREへのリンク →

APT41

Score: 3.44

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

Tropic Trooper

Score: 5.50

Matched TTPs:

T1680 - Local Storage Discovery
T1078.003 - Local Accounts

MITREへのリンク →

ToddyCat

Score: 5.36

Matched TTPs:

T1680 - Local Storage Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.82

Matched TTPs:

T1680 - Local Storage Discovery
T1588.005 - Exploits
T1078.003 - Local Accounts
T1591 - Gather Victim Org Information
T1585 - Establish Accounts
T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1598 - Phishing for Information
T1593.001 - Social Media

MITREへのリンク →

Lazarus Group

Score: 0.70

Matched TTPs:

T1680 - Local Storage Discovery
T1591 - Gather Victim Org Information
T1566.002 - Spearphishing Link
T1008 - Fallback Channels
T1566.003 - Spearphishing via Service
T1027.007 - Dynamic API Resolution
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る