Trusted Design

Threat actor goes on a Chrome extension hijacking spree

Summary

Chrome Extensions are a powerful means of adding functionality to the Chrome browser, with features ranging from easier posting of content on social media to integrated developer tools. At the end of July and beginning of August, several Chrome Extensions were compromised after their authors’ Google Account credentials were stolen via a phishing scheme. This resulted in the hijacking of traffic and the exposure of users to potentially malicious popups and credential theft. We specifically examined the “Web Developer 0.4.9” extension compromise, but found evidence that “Chrometana 1.1.3”, “Infinity New Tab 3.12.3” [8][10], “CopyFish 2.8.5” [9], “Web Paint 1.2.1” [11], and “Social Fixer 20.1.1” [12] were modified using the same modus operandi by the same actor. We believe that the Chrome Extensions TouchVPN and Betternet VPN were also compromised in the same way at the end of June.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 5.63
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1218.010 - Regsvr32

Sandworm Team

Score: 27.12
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1484.002 - Trust Modification
  • T1566.002 - Spearphishing Link
  • T1016.002 - Wi-Fi Discovery
  • T1565 - Data Manipulation
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Volt Typhoon

Score: 13.45
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1491 - Defacement
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution

APT28

Score: 28.20
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls

ZIRCONIUM

Score: 14.71
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries

Leviathan

Score: 27.28
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1554 - Compromise Host Software Binary
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Mustard Tempest

Score: 7.08
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Kimsuky

Score: 30.44
Matched TTPs:
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1602.002 - Network Device Configuration Dump
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Sidewinder

Score: 4.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Scattered Spider

Score: 18.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1491 - Defacement
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1565 - Data Manipulation
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries

Mustang Panda

Score: 17.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1136.001 - Local Account
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer

APT32

Score: 22.77
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1490 - Inhibit System Recovery

Magic Hound

Score: 22.43
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1016.002 - Wi-Fi Discovery
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Star Blizzard

Score: 4.80
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1565 - Data Manipulation

Moonstone Sleet

Score: 15.23
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1491 - Defacement
  • T1565 - Data Manipulation
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries

CURIUM

Score: 10.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.001 - Compiled HTML File
  • T1565 - Data Manipulation
  • T1059.012 - Hypervisor CLI

Dragonfly

Score: 15.88
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Patchwork

Score: 6.49
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

TA505

Score: 4.40
Matched TTPs:
  • T1016.002 - Wi-Fi Discovery
  • T1547.013 - XDG Autostart Entries

RedCurl

Score: 6.29
Matched TTPs:
  • T1016.002 - Wi-Fi Discovery
  • T1105 - Ingress Tool Transfer

Medusa Group

Score: 16.32
Matched TTPs:
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1094 - Custom Command and Control Protocol

Threat Group-3390

Score: 11.10
Matched TTPs:
  • T1218.003 - CMSTP
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Fox Kitten

Score: 6.40
Matched TTPs:
  • T1491 - Defacement
  • T1565 - Data Manipulation
  • T1547.013 - XDG Autostart Entries

APT38

Score: 5.83
Matched TTPs:
  • T1491 - Defacement
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Chimera

Score: 7.50
Matched TTPs:
  • T1491 - Defacement
  • T1592.003 - Firmware
  • T1547.013 - XDG Autostart Entries

Winter Vivern

Score: 10.70
Matched TTPs:
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT29

Score: 10.79
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

BRONZE BUTLER

Score: 7.88
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

INC Ransom

Score: 3.30
Matched TTPs:
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries

Contagious Interview

Score: 6.88
Matched TTPs:
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1565 - Data Manipulation

Cinnamon Tempest

Score: 3.30
Matched TTPs:
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries

FIN13

Score: 8.89
Matched TTPs:
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Storm-0501

Score: 5.27
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1565 - Data Manipulation

Play

Score: 5.97
Matched TTPs:
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Earth Lusca

Score: 10.23
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

HAFNIUM

Score: 12.25
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery

Turla

Score: 22.62
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery

MuddyWater

Score: 6.68
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

FIN7

Score: 13.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1490 - Inhibit System Recovery

Lazarus Group

Score: 27.60
Matched TTPs:
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Confucius

Score: 4.28
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Gamaredon Group

Score: 9.32
Matched TTPs:
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries

Saint Bear

Score: 3.51
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

POLONIUM

Score: 4.41
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package

LAPSUS$

Score: 7.57
Matched TTPs:
  • T1619 - Cloud Storage Object Discovery
  • T1592.003 - Firmware

EXOTIC LILY

Score: 3.83
Matched TTPs:
  • T1565 - Data Manipulation
  • T1218.010 - Regsvr32

HEXANE

Score: 5.52
Matched TTPs:
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries

TA551

Score: 3.52
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

Cobalt Group

Score: 7.94
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Inception

Score: 4.24
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32

WIRTE

Score: 3.52
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

APT19

Score: 4.51
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI

APT41

Score: 5.20
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Daggerfly

Score: 8.30
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

APT37

Score: 6.43
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

APT39

Score: 6.10
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution

Andariel

Score: 4.04
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Axiom

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Higaisa

Score: 8.27
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1569.002 - Service Execution

APT3

Score: 5.89
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries

Sea Turtle

Score: 4.16
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery

Transparent Tribe

Score: 5.92
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer

Tropic Trooper

Score: 7.60
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1490 - Inhibit System Recovery

Elderwood

Score: 4.04
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Darkhotel

Score: 4.04
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

OilRig

Score: 10.43
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies

Wizard Spider

Score: 4.40
Matched TTPs:
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries

Storm-1811

Score: 4.40
Matched TTPs:
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

Indrik Spider

Score: 3.61
Matched TTPs:
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 3.44
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer

LuminousMoth

Score: 3.44
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer

Velvet Ant

Score: 5.59
Matched TTPs:
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.79
Matched TTPs:
  • T1608.005 - Link Target
  • T1552.003 - Shell History
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1602.002 - Network Device Configuration Dump
  • T1565 - Data Manipulation
  • T1490 - Inhibit System Recovery
  • T1547.013 - XDG Autostart Entries

APT28

Score: 0.77
Matched TTPs:
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.012 - Hypervisor CLI
  • T1592.003 - Firmware
  • T1055.008 - Ptrace System Calls

Sandworm Team

Score: 0.74
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1016.002 - Wi-Fi Discovery
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1565 - Data Manipulation
  • T1573 - Encrypted Channel
  • T1484.002 - Trust Modification
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1564.008 - Email Hiding Rules

Leviathan

Score: 0.72
Matched TTPs:
  • T1546.016 - Installer Packages
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1565 - Data Manipulation
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1059.012 - Hypervisor CLI
  • T1554 - Compromise Host Software Binary
  • T1592.003 - Firmware

Lazarus Group

Score: 0.72
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer
  • T1567.002 - Exfiltration to Cloud Storage
  • T1569.002 - Service Execution
  • T1218.010 - Regsvr32
  • T1565 - Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1069.001 - Local Groups

APT32

Score: 0.63
Matched TTPs:
  • T1608.005 - Link Target
  • T1105 - Ingress Tool Transfer
  • T1592.004 - Client Configurations
  • T1566.002 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1565 - Data Manipulation
  • T1490 - Inhibit System Recovery
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Turla

Score: 0.63
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1569.002 - Service Execution
  • T1218.001 - Compiled HTML File
  • T1490 - Inhibit System Recovery
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1556.009 - Conditional Access Policies

Magic Hound

Score: 0.61
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1016.002 - Wi-Fi Discovery
  • T1578.002 - Create Cloud Instance
  • T1566.002 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
  • T1565 - Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1592.003 - Firmware

Scattered Spider

Score: 0.56
Matched TTPs:
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1197 - BITS Jobs
  • T1566.002 - Spearphishing Link
  • T1565 - Data Manipulation
  • T1491 - Defacement
  • T1547.013 - XDG Autostart Entries

Related CVEs

No CVEs were found for this Pulse.
