APT33 (まとめ)

概要

【要点】

◆イランの標的型攻撃組織

【別名】

名称	命名組織
APT33	FireEye
Charming Kitten
Parastoo
iKittens
MacDownloader
Newscaster
NewsBeef
Elfin
Magnallium
Refined Kitten

◆APT33 (APTMap)
https://aptmap.netlify.com/#APT33

記事

【ニュース】

◆APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware (The Hacker News, 2017/09/20)
https://thehackernews.com/2017/09/apt33-iranian-hackers.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/20/000000_8

◆APT33: New Insights into Iranian Cyber Espionage Group (FireEye, 2017/09/21)
https://www.brighttalk.com/webcast/10703/275683/apt33-new-insights-into-iranian-cyber-espionage-group
⇒ https://malware-log.hatenablog.com/entry/2017/09/21/000000_9

◆IRANIAN APT33 TARGETS US FIRMS WITH DESTRUCTIVE MALWARE (threat post, 2017/09/21 13:54)
https://threatpost.com/iranian-apt33-targets-us-firms-with-destructive-malware/128074/
⇒ https://malware-log.hatenablog.com/entry/2017/09/21/000000_14

◆ファイア・アイ、イランのハッカー集団「APT33」の活動内容と技術詳細を明らかに (FireEye, 2017/09/22)
https://www.fireeye.jp/company/press-releases/2017/apt33-insights-into-iranian-cyber-espionage.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/22/000000_9

◆イラン政府の関与が疑われる諜報活動グループ「APT33」が韓国を狙った理由 (THE ZERO/ONE, 2017/10/13 08:00)
https://the01.jp/p0005877/
⇒ https://malware-log.hatenablog.com/entry/2017/10/13/000000_4

◆Iranian Charming Kitten ATP group poses as Israeli cybersecurity firm in phishing campaign (MUST READ, 2018/07/03)
https://securityaffairs.co/wordpress/74123/apt/charming-kitten-clearsky-phishing.html
⇒ https://malware-log.hatenablog.com/entry/2018/07/03/000000_7

◆Shamoonが感染システムの破壊に新たなツールキットを使用 (ASCII.jp, 2018/12/21 18:45)
http://ascii.jp/elem/000/001/789/1789040/
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_5

◆Iran-linked APT33 Shakes Up Cyberespionage Tactics (ThreatPost, 2019/06/26 15:33)
https://threatpost.com/iranian-apt33-shakes-up-cyberespionage-tactics/146041/
⇒ https://malware-log.hatenablog.com/entry/2019/06/26/000000_11

◆Outlookの脆弱性突くマルウェアが横行、米サイバー軍が警戒呼び掛け (ITmedia, 2019/07/04 10:30)
https://www.itmedia.co.jp/enterprise/articles/1907/04/news063.html
⇒ https://malware-log.hatenablog.com/entry/2019/07/04/000000_3

◆「Outlook」の脆弱性を悪用する攻撃　米サイバー軍が警告 (TechTarget, 2019/08/06 10:05)
https://techtarget.itmedia.co.jp/tt/news/1908/06/news03.html
⇒ https://malware-log.hatenablog.com/entry/2019/08/06/000000_2

【ブログ】

◆Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware (FireEye, 2017/09/20)
https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/20/000000_10

◆イランのハッカーがサウジアラビアの石油化学会社へサイバー攻撃 (世界の貯蔵タンク事故情報, 2017/10/29)
http://tank-accident.blogspot.jp/2017/10/blog-post_29.html
⇒ https://malware-log.hatenablog.com/entry/2017/10/29/000000_2

◆OVERRULED: Containing a Potentially Destructive Adversary (FireEye, 2018/12/21)
https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_19

◆Shamoonが新たなツールキットを使用して感染システムを破壊 (McAfee, 2018/12/21)
https://blogs.mcafee.jp/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_22

◆More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (Trendmicro, 2019/11/13)
https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/
⇒ https://malware-log.hatenablog.com/entry/2019/11/13/000000_3

◆標的型攻撃手法解説：「APT33」によるC&C追跡困難化 (Trendmicro, 2019/11/19)
https://blog.trendmicro.co.jp/archives/22876
⇒ https://malware-log.hatenablog.com/entry/2019/11/19/000000

【図表】

f:id:tanigawa:20180925211312j:plain
Scope of APT33 Targeting
f:id:tanigawa:20180925211409p:plain
Excerpt of an APT33 malicious .hta file
出典: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html