【Key points】
◎Iranian targeted-attack (APT) group
【Table of contents】
Overview
【ATT&CK ID】
ID (ATT&CK) | Notes |
---|---|
G0064 | APT33 |
【Dictionary】
◆APT33 (APTMap)
https://aptmap.netlify.com/#APT33
◆Elfin Team (Wikipedia)
https://en.wikipedia.org/wiki/Elfin_Team
◆APT33 (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/apt33
◆MacDownloader (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/details/osx.macdownloader
【Aliases】
Name | Named by |
---|---|
APT33 | FireEye |
Charming Kitten | (some vendors also classify this as an alias of APT33) ⇒ APT35 |
Elfin | |
Holmium | Microsoft |
iKittens | |
MacDownloader | EnigmaSoft |
Magnallium | Dragos |
NewsBeef | |
Parastoo | |
Refined Kitten | Crowdstrike |
【Latest news】
◆Iranian hackers breach defense orgs in password spray attacks (BleepingComputer, 2023/09/14 12:30)
https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-defense-orgs-in-password-spray-attacks/
⇒ https://malware-log.hatenablog.com/entry/2023/09/14/000000_2
Articles
【News】
■2017
◆APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware (The Hacker News, 2017/09/20)
https://thehackernews.com/2017/09/apt33-iranian-hackers.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/20/000000_8
◆APT33: New Insights into Iranian Cyber Espionage Group (FireEye, 2017/09/21)
https://www.brighttalk.com/webcast/10703/275683/apt33-new-insights-into-iranian-cyber-espionage-group
⇒ https://malware-log.hatenablog.com/entry/2017/09/21/000000_9
◆IRANIAN APT33 TARGETS US FIRMS WITH DESTRUCTIVE MALWARE (Threatpost, 2017/09/21 13:54)
https://threatpost.com/iranian-apt33-targets-us-firms-with-destructive-malware/128074/
⇒ https://malware-log.hatenablog.com/entry/2017/09/21/000000_14
◆FireEye reveals the activities and technical details of the Iranian hacker group "APT33" (FireEye, 2017/09/22)
https://www.fireeye.jp/company/press-releases/2017/apt33-insights-into-iranian-cyber-espionage.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/22/000000_9
◆Why the espionage group "APT33", suspected of Iranian government involvement, targeted South Korea (THE ZERO/ONE, 2017/10/13 08:00)
https://the01.jp/p0005877/
⇒ https://malware-log.hatenablog.com/entry/2017/10/13/000000_4
■2018
◆Iranian Charming Kitten APT group poses as Israeli cybersecurity firm in phishing campaign (MUST READ, 2018/07/03)
https://securityaffairs.co/wordpress/74123/apt/charming-kitten-clearsky-phishing.html
⇒ https://malware-log.hatenablog.com/entry/2018/07/03/000000_7
◆Shamoon uses a new toolkit to wipe infected systems (ASCII.jp, 2018/12/21 18:45)
http://ascii.jp/elem/000/001/789/1789040/
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_5
■2019
◆Iran-linked APT33 Shakes Up Cyberespionage Tactics (ThreatPost, 2019/06/26 15:33)
https://threatpost.com/iranian-apt33-shakes-up-cyberespionage-tactics/146041/
⇒ https://malware-log.hatenablog.com/entry/2019/06/26/000000_11
◆Malware exploiting an Outlook vulnerability is rampant; US Cyber Command issues a warning (ITmedia, 2019/07/04 10:30)
https://www.itmedia.co.jp/enterprise/articles/1907/04/news063.html
⇒ https://malware-log.hatenablog.com/entry/2019/07/04/000000_3
◆US Cyber Command warns of attacks exploiting an "Outlook" vulnerability (TechTarget, 2019/08/06 10:05)
https://techtarget.itmedia.co.jp/tt/news/1908/06/news03.html
⇒ https://malware-log.hatenablog.com/entry/2019/08/06/000000_2
■2020
◆What will war in "cyberspace" look like amid the US-Iran confrontation? (ビジネス+IT, 2020/01/19)
https://www.sbbit.jp/article/cont1/37555
⇒ https://malware-log.hatenablog.com/entry/2020/01/19/000000
■2023
◆Charming Kitten hackers use new ‘NokNok’ malware for macOS (BleepingComputer, 2023/07/09 10:13)
https://www.bleepingcomputer.com/news/security/charming-kitten-hackers-use-new-noknok-malware-for-macos/
⇒ https://malware-log.hatenablog.com/entry/2023/07/09/000000
◆Iranian hackers breach defense orgs in password spray attacks (BleepingComputer, 2023/09/14 12:30)
https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-defense-orgs-in-password-spray-attacks/
⇒ https://malware-log.hatenablog.com/entry/2023/09/14/000000_2
【Blog】
■2017
◆Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware (FireEye, 2017/09/20)
https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/20/000000_10
◆Iranian hackers launch a cyberattack on a Saudi Arabian petrochemical company (世界の貯蔵タンク事故情報, 2017/10/29)
http://tank-accident.blogspot.jp/2017/10/blog-post_29.html
⇒ https://malware-log.hatenablog.com/entry/2017/10/29/000000_2
■2018
◆OVERRULED: Containing a Potentially Destructive Adversary (FireEye, 2018/12/21)
https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_19
◆Shamoon uses a new toolkit to wipe infected systems (McAfee, 2018/12/21)
https://blogs.mcafee.jp/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_22
■2019
◆More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (Trendmicro, 2019/11/13)
https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/
⇒ https://malware-log.hatenablog.com/entry/2019/11/13/000000_3
◆Targeted attack techniques explained: how "APT33" makes C&C tracking difficult (Trendmicro, 2019/11/19)
https://blog.trendmicro.co.jp/archives/22876
⇒ https://malware-log.hatenablog.com/entry/2019/11/19/000000
【Figures】
Scope of APT33 Targeting
Excerpt of an APT33 malicious .hta file
Source: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
Source: http://tank-accident.blogspot.jp/2017/10/blog-post_29.html
【Search】
google: APT33
google:news: APT33
google: site:virustotal.com APT33
■Bing
https://www.bing.com/search?q=APT33
https://www.bing.com/news/search?q=APT33
Related information
【Related summary articles】
◆Targeted attack groups / APT (summary)
https://malware-log.hatenablog.com/entry/APT