==【目次】==
概要
【要点】
◆イランの標的型攻撃組織
【別名】
| 名称 | 命名組織 |
|---|---|
| APT33 | FireEye |
| Magnallium | Dragos |
| Refined Kitten | Crowdstrike |
| Holmium | Microsoft |
| Parastoo | |
| iKittens | |
| MacDownloader | EnigmaSoft |
| Newscaster | |
| NewsBeef | |
| Elfin | |
| Charming Kitten | (一部にAPT33の別名に分類するベンダーも) ⇒ APT35 |
【辞書】
◆APT33 (APTMap)
https://aptmap.netlify.com/#APT33
◆Elfin Team (Wikipedia)
https://en.wikipedia.org/wiki/Elfin_Team
◆APT33 (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/apt33
◆MacDownloader (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/details/osx.macdownloader
記事
【ニュース】
◆APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware (The Hacker News, 2017/09/20)
https://thehackernews.com/2017/09/apt33-iranian-hackers.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/20/000000_8
◆APT33: New Insights into Iranian Cyber Espionage Group (FireEye, 2017/09/21)
https://www.brighttalk.com/webcast/10703/275683/apt33-new-insights-into-iranian-cyber-espionage-group
⇒ https://malware-log.hatenablog.com/entry/2017/09/21/000000_9
◆IRANIAN APT33 TARGETS US FIRMS WITH DESTRUCTIVE MALWARE (threat post, 2017/09/21 13:54)
https://threatpost.com/iranian-apt33-targets-us-firms-with-destructive-malware/128074/
⇒ https://malware-log.hatenablog.com/entry/2017/09/21/000000_14
◆ファイア・アイ、イランのハッカー集団「APT33」の 活動内容と技術詳細を明らかに (FireEye, 2017/09/22)
https://www.fireeye.jp/company/press-releases/2017/apt33-insights-into-iranian-cyber-espionage.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/22/000000_9
◆イラン政府の関与が疑われる諜報活動グループ「APT33」が韓国を狙った理由 (THE ZERO/ONE, 2017/10/13 08:00)
https://the01.jp/p0005877/
⇒ https://malware-log.hatenablog.com/entry/2017/10/13/000000_4
◆Iranian Charming Kitten ATP group poses as Israeli cybersecurity firm in phishing campaign (MUST READ, 2018/07/03)
https://securityaffairs.co/wordpress/74123/apt/charming-kitten-clearsky-phishing.html
⇒ https://malware-log.hatenablog.com/entry/2018/07/03/000000_7
◆Shamoonが感染システムの破壊に新たなツールキットを使用 (ASCII.jp, 2018/12/21 18:45)
http://ascii.jp/elem/000/001/789/1789040/
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_5
◆Iran-linked APT33 Shakes Up Cyberespionage Tactics (ThreatPost, 2019/06/26 15:33)
https://threatpost.com/iranian-apt33-shakes-up-cyberespionage-tactics/146041/
⇒ https://malware-log.hatenablog.com/entry/2019/06/26/000000_11
◆Outlookの脆弱性突くマルウェアが横行、米サイバー軍が警戒呼び掛け (ITmedia, 2019/07/04 10:30)
https://www.itmedia.co.jp/enterprise/articles/1907/04/news063.html
⇒ https://malware-log.hatenablog.com/entry/2019/07/04/000000_3
◆「Outlook」の脆弱性を悪用する攻撃 米サイバー軍が警告 (TechTarget, 2019/08/06 10:05)
https://techtarget.itmedia.co.jp/tt/news/1908/06/news03.html
⇒ https://malware-log.hatenablog.com/entry/2019/08/06/000000_2
◆米イランの対立で「サイバー空間」の戦争はどうなる? (ビジネス+IT, 2020/01/19)
https://www.sbbit.jp/article/cont1/37555
⇒ https://malware-log.hatenablog.com/entry/2020/01/19/000000
【ブログ】
◆Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware (FireEye, 2017/09/20)
https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
⇒ https://malware-log.hatenablog.com/entry/2017/09/20/000000_10
◆イランのハッカーがサウジアラビアの石油化学会社へサイバー攻撃 (世界の貯蔵タンク事故情報, 2017/10/29)
http://tank-accident.blogspot.jp/2017/10/blog-post_29.html
⇒ https://malware-log.hatenablog.com/entry/2017/10/29/000000_2
◆OVERRULED: Containing a Potentially Destructive Adversary (FireEye, 2018/12/21)
https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_19
◆Shamoonが新たなツールキットを使用して感染システムを破壊 (McAfee, 2018/12/21)
https://blogs.mcafee.jp/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems
⇒ https://malware-log.hatenablog.com/entry/2018/12/21/000000_22
◆More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (Trendmicro, 2019/11/13)
https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/
⇒ https://malware-log.hatenablog.com/entry/2019/11/13/000000_3
◆標的型攻撃手法解説:「APT33」によるC&C追跡困難化 (Trendmicro, 2019/11/19)
https://blog.trendmicro.co.jp/archives/22876
⇒ https://malware-log.hatenablog.com/entry/2019/11/19/000000
【図表】
Scope of APT33 Targeting
Excerpt of an APT33 malicious .hta file
出典: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
出典: http://tank-accident.blogspot.jp/2017/10/blog-post_29.html
関連情報
【関連まとめ記事】
◆標的型攻撃組織 / APT (まとめ)
https://malware-log.hatenablog.com/entry/APT