【Alias information】
Name | Aliases | Notes |
---|---|---|
Lazarus | Hidden Cobra, Dark Seoul, Silent Chollima, Hastati, Bureau 121, Whois Hacking Team, Unit 121, NewRomanic Cyber Army Team | |
Bluenoroff | Lazarus sub-group | |
Andariel | Lazarus sub-group | |
Kimsuki | Kimsuky | |
APT38 | TEMP.Hermit | |
OnionDog | | |
APT37 | Reaper, Scarcruft, Group123, Ricochet Chollima, Red Eyes, Dark Sleeper | |
【Reference information】
■Lazarus
Aliases: Hidden Cobra, Dark Seoul, Silent Chollima, Hastati, Bureau 121, Whois Hacking Team, Unit 121, NewRomanic Cyber Army Team
Operations: Operation Troy, Operation Blockbuster, TDrop, TDrop2, Troy
◆Dissecting Operation Troy: Cyberespionage in South Korea (McAfee)
https://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf
◆TDrop2 Attacks Suggest Dark Seoul Attackers Return (Palo Alto Networks, 2015/11/18)
https://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/
⇒ http://malware-log.hatenablog.com/entry/2015/11/18/000000_2
◆Operation Blockbuster (Novetta)
https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf
⇒ http://malware-log.hatenablog.com/entry/2016/02/01/000000
◆HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure (US-CERT, 2017/06/13)
https://www.us-cert.gov/ncas/alerts/TA17-164A
■Bluenoroff
Position: Lazarus sub-group
◆Lazarus Under The Hood (SecureList, 2017/04/03)
https://securelist.com/lazarus-under-the-hood/77908/
https://securelist.com/files/2017/04/Lazarus_Under_The_Hood_PDF_final.pdf
⇒ http://malware-log.hatenablog.com/entry/2017/04/03/000000_1
■Kimsuki (Kimsuky)
◆The “Kimsuky” Operation: A North Korean APT? (SecureList, 2013/09/11 20:10)
https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/
⇒ http://malware-log.hatenablog.com/entry/2013/09/11/000000_1
■TEMP.Hermit
◆Sony hackers alive and well, say Kaspersky and AlienVault (SC Media, 2016/02/16)
https://www.scmagazine.com/sony-hackers-are-still-hacking-researchers-say/article/528382/
■OnionDog
◆Korean Energy and Transportation Targets Attacked by OnionDog APT (Softpedia News, 2016/03/09 13:30)
http://news.softpedia.com/news/korean-energy-and-transportation-targets-attacked-by-oniondog-apt-501534.shtml
⇒ http://malware-log.hatenablog.com/entry/2016/03/09/000000
■APT37
Aliases: Reaper, Scarcruft, Group123, Ricochet Chollima, Red Eyes, Dark Sleeper
◆APT37 (summary)
http://malware-log.hatenablog.com/entry/APT37
◆APT37 (REAPER) (FireEye, 2018/02/21)
The lesser-known North Korean attack group (Japanese-language report)
https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt37-JP.pdf
◆APT37 (FireEye)
https://www.fireeye.com/current-threats/apt-groups.html
◆CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks (SecureList, 2016/06/14)
https://securelist.com/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/75082/
◆Flash zero-day attack, APT group "ScarCruft" suspected to be involved - mitigable with EMET (Security NEXT, 2016/06/15)
http://www.security-next.com/070993
◆APT Group Uses Flash Zero-Day to Attack High-Profile Targets (SECURITYWEEK, 2016/06/15)
http://www.securityweek.com/apt-group-uses-flash-zero-day-attack-high-profile-targets
◆Operation Daybreak (SECURELIST, 2016/06/17)
Flash zero-day exploit deployed by the ScarCruft APT Group
https://securelist.com/blog/research/75100/operation-daybreak/
◆Adobe Flash Player 22.0.0.192 release fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft. (Security Affairs, 2016/06/19)
http://securityaffairs.co/wordpress/48531/cyber-crime/flash-zero-day-scarcruft.html
◆North Korean hackers belonging to the North Korea Group 123 have conducted at least six different massive malware campaigns during 2017. (Security Affairs, 2018/01/18)
http://securityaffairs.co/wordpress/67895/hacking/north-korea-group-123.html
◆Cisco and FireEye Pointing Finger at North Korea Hacking Group For Adobe Flash 0-Day In The Wild (Security Affairs, 2018/02/05)
http://securityaffairs.co/wordpress/68718/hacking/north-korea-adobe-flash-0day.html
◆THE TOOLSET OF AN ELITE NORTH KOREAN HACKER GROUP ON THE RISE (WIRED, 2018/02/20)
https://www.wired.com/story/north-korean-hacker-group-apt37/
◆North Korean APT Group tracked as APT37 broadens its horizons (Security Affairs, 2018/02/21)
http://securityaffairs.co/wordpress/69339/apt/apt37-broadens-horizons.html
◆North Korean hacker group: state-backed attacks on Japan? (Mainichi Shimbun, 2018/02/22)
https://mainichi.jp/articles/20180222/ddm/007/030/070000c
◆North Korean cyber attack group "APT37" becoming more active (THE ZERO/ONE, 2018/03/02)
https://the01.jp/p0006529/
Related information
【Related summary articles】
◆Targeted attack groups / APT (summary)
https://malware-log.hatenablog.com/entry/APT
◆Attacker information (summary)
http://malware-log.hatenablog.com/entry/attacker
◆Andariel / Silent Chollima (summary)
https://malware-log.hatenablog.com/entry/Andariel