Trusted Design

Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey

概要

A series of middleboxes on Türk Telekom’s network were being used to redirect hundreds of users attempting to download certain legitimate programs to versions of those programs bundled with spyware. The spyware we found bundled by operators was similar to that used in the StrongPity APT attacks. Before switching to the StrongPity spyware, the operators of the Turkey injection used the FinFisher “lawful intercept” spyware, which FinFisher asserts is sold only to government entities.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 20.42
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1003.003 - NTDS
MITREへのリンク →

Sea Turtle

Score: 6.85
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Ember Bear

Score: 16.43
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 5.13
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
MITREへのリンク →

Agrius

Score: 4.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

Contagious Interview

Score: 18.35
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1016 - System Network Configuration Discovery
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

Sandworm Team

Score: 21.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Star Blizzard

Score: 5.86
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
MITREへのリンク →

FIN13

Score: 7.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Moonstone Sleet

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
MITREへのリンク →

Lazarus Group

Score: 18.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
MITREへのリンク →

OilRig

Score: 10.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

UNC3886

Score: 7.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
MITREへのリンク →

LuminousMoth

Score: 10.04
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITREへのリンク →

APT29

Score: 11.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
MITREへのリンク →

Play

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITREへのリンク →

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

RedCurl

Score: 4.76
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITREへのリンク →

Turla

Score: 15.20
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1587 - Develop Capabilities
MITREへのリンク →

Ke3chang

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITREへのリンク →

Mustang Panda

Score: 17.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1159 - Launch Agent
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

TeamTNT

Score: 8.61
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1071.003 - Mail Protocols
MITREへのリンク →

FIN7

Score: 22.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

TA2541

Score: 9.75
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

Earth Lusca

Score: 8.76
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

LazyScripter

Score: 6.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
MITREへのリンク →

Gamaredon Group

Score: 13.54
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Threat Group-3390

Score: 9.92
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

SideCopy

Score: 8.85
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
MITREへのリンク →

TA505

Score: 8.21
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1587 - Develop Capabilities
MITREへのリンク →

BlackByte

Score: 9.75
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.010 - Downgrade Attack
MITREへのリンク →

BITTER

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
MITREへのリンク →

APT32

Score: 11.45
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

HEXANE

Score: 7.97
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
MITREへのリンク →

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
MITREへのリンク →

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
MITREへのリンク →

Rocke

Score: 4.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Volt Typhoon

Score: 9.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
MITREへのリンク →

APT28

Score: 24.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1146 - Clear Command History
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
MITREへのリンク →

BackdoorDiplomacy

Score: 7.71
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1587 - Develop Capabilities
MITREへのリンク →

BlackTech

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Magic Hound

Score: 14.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
MITREへのリンク →

Medusa Group

Score: 8.46
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

Leviathan

Score: 5.89
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1587 - Develop Capabilities
MITREへのリンク →

Dragonfly

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Axiom

Score: 7.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon
MITREへのリンク →

APT41

Score: 6.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

HAFNIUM

Score: 10.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

APT5

Score: 3.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
MITREへのリンク →

MuddyWater

Score: 10.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

APT39

Score: 4.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

APT38

Score: 3.31
Matched TTPs:
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
MITREへのリンク →

Silence

Score: 3.31
Matched TTPs:
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
MITREへのリンク →

Wizard Spider

Score: 6.24
Matched TTPs:
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1587 - Develop Capabilities
MITREへのリンク →

Cobalt Group

Score: 4.80
Matched TTPs:
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

APT37

Score: 6.35
Matched TTPs:
  • T1684 - Social Engineering
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Higaisa

Score: 9.88
Matched TTPs:
  • T1569.003 - Systemctl
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →

LAPSUS$

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

APT1

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

Aquatic Panda

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

Andariel

Score: 7.80
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
MITREへのリンク →

Scattered Spider

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

ZIRCONIUM

Score: 4.41
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
MITREへのリンク →

Confucius

Score: 3.51
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
MITREへのリンク →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Darkhotel

Score: 5.63
Matched TTPs:
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
MITREへのリンク →

Inception

Score: 5.09
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

BRONZE BUTLER

Score: 5.09
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Tropic Trooper

Score: 13.46
Matched TTPs:
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Sidewinder

Score: 4.24
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

Transparent Tribe

Score: 4.16
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.83
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1218.010 - Regsvr32
  • T1199 - Trusted Relationship
  • T1546.007 - Netsh Helper DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1146 - Clear Command History
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

FIN7

Score: 0.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1564.002 - Hidden Users
  • T1105 - Ingress Tool Transfer
  • T1199 - Trusted Relationship
  • T1011.001 - Exfiltration Over Bluetooth
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
MITREへのリンク →

Sandworm Team

Score: 0.76
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32
  • T1187 - Forced Authentication
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
MITREへのリンク →

Kimsuky

Score: 0.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.003 - NTDS
  • T1684 - Social Engineering
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
MITREへのリンク →

Mustang Panda

Score: 0.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1105 - Ingress Tool Transfer
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1199 - Trusted Relationship
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →

Lazarus Group

Score: 0.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1105 - Ingress Tool Transfer
  • T1218.010 - Regsvr32
  • T1199 - Trusted Relationship
  • T1587 - Develop Capabilities
  • T1608.005 - Link Target
  • T1567.002 - Exfiltration to Cloud Storage
  • T1547.002 - Authentication Package
MITREへのリンク →

Contagious Interview

Score: 0.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1016 - System Network Configuration Discovery
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1608.005 - Link Target
  • T1562.010 - Downgrade Attack
  • T1091 - Replication Through Removable Media
MITREへのリンク →

Turla

Score: 0.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1587 - Develop Capabilities
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
MITREへのリンク →

Ember Bear

Score: 0.56
Matched TTPs:
  • T1003.003 - NTDS
  • T1005 - Data from Local System
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る