TT Malware Log

An "individual's" log of investigation, research, and references on malware / cyber attacks / analysis techniques / threat actor groups

UNC2452 / UNC2652 (Summary)

【Aliases】

Name             Organization using the name
UNC2452          Mandiant
UNC2652          Mandiant
SolarStorm       Paloalto
Dark Halo        Volexity
StellarParticle  CrowdStrike
Nobelium         Microsoft
UCN2452          (misspelling used by mass media)


【News】

◆Methods revealed of the hacker group "UCN2452" that intercepted confidential information from government agencies and companies around the world (Gigazine, 2020/12/15 12:30)
https://gigazine.net/news/20201215-ucn2452-solarwinds-trojan-horse/
https://malware-log.hatenablog.com/entry/2020/12/15/000000_5

◆Methods of the hacker group that stole Windows source code, and a free countermeasure tool, are published (Gigazine, 2021/01/20 11:54)
https://gigazine.net/news/20210120-ucn2452-solarwinds-technique/
https://malware-log.hatenablog.com/entry/2021/01/20/000000

◆FireEye publishes details of the SolarWinds incident and also provides a countermeasure tool (ZDNet, 2021/01/20 12:52)
https://japan.zdnet.com/article/35165296/
https://malware-log.hatenablog.com/entry/2021/01/20/000000_2

◆Malwarebytes confirms an attack by the hackers who attacked SolarWinds (ZDNet, 2021/01/20 13:16)
https://japan.zdnet.com/article/35165295/
https://malware-log.hatenablog.com/entry/2021/01/20/000000_1

◆Ukraine targeted by almost 800 cyberattacks since the war started (BleepingComputer, 2022/06/30 10:57)
https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-almost-800-cyberattacks-since-the-war-started/
https://malware-log.hatenablog.com/entry/2022/06/30/000000_7

【Blogs】

◆Threat information: Protecting customers from SolarStorm and SUNBURST (Paloalto, 2020/12/15 12:10)
https://unit42.paloaltonetworks.jp/fireeye-solarstorm-sunburst/
https://malware-log.hatenablog.com/entry/2020/12/15/000000_4

◆GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence (Microsoft, 2021/03/04)
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
https://malware-log.hatenablog.com/entry/2021/03/04/000000_6


【Tools】

◆Mandiant-Azure-AD-Investigator (FireEye, 2021/01/19)
https://github.com/fireeye/Mandiant-Azure-AD-Investigator


【Search】

■Google

google: UNC2452
google: UNC2652
google: SolarStorm
google: DarkHalo
google: StellarParticle
google: Nobelium
google: APT29


google:news: UNC2452
google:news: UNC2652
google:news: SolarStorm
google:news: DarkHalo
google:news: StellarParticle
google:news: Nobelium
google:news: APT29


google: site:virustotal.com UNC2452
google: site:virustotal.com UNC2652
google: site:virustotal.com SolarStorm
google: site:virustotal.com DarkHalo
google: site:virustotal.com StellarParticle
google: site:virustotal.com Nobelium
google: site:virustotal.com APT29


google: site:github.com UNC2452
google: site:github.com UNC2652
google: site:github.com SolarStorm
google: site:github.com DarkHalo
google: site:github.com StellarParticle
google: site:github.com Nobelium
google: site:github.com APT29


■Bing

https://www.bing.com/search?q=UNC2452
https://www.bing.com/search?q=UNC2652
https://www.bing.com/search?q=SolarStorm
https://www.bing.com/search?q=DarkHalo
https://www.bing.com/search?q=StellarParticle
https://www.bing.com/search?q=Nobelium
https://www.bing.com/search?q=APT29


https://www.bing.com/news/search?q=UNC2452
https://www.bing.com/news/search?q=UNC2652
https://www.bing.com/news/search?q=SolarStorm
https://www.bing.com/news/search?q=DarkHalo
https://www.bing.com/news/search?q=StellarParticle
https://www.bing.com/news/search?q=Nobelium
https://www.bing.com/news/search?q=APT29


■Twitter

https://twitter.com/search?q=%23UNC2452
https://twitter.com/search?q=%23UNC2652
https://twitter.com/search?q=%23SolarStorm
https://twitter.com/search?q=%23DarkHalo
https://twitter.com/search?q=%23StellarParticle
https://twitter.com/search?q=%23Nobelium
https://twitter.com/search?q=%23APT29


https://twitter.com/hashtag/UNC2452
https://twitter.com/hashtag/UNC2652
https://twitter.com/hashtag/SolarStorm
https://twitter.com/hashtag/DarkHalo
https://twitter.com/hashtag/StellarParticle
https://twitter.com/hashtag/Nobelium
https://twitter.com/hashtag/APT29


【Related summary articles】

Overall summary
 ◆Threat actor groups / Actor (Summary)

◆Targeted attack groups / APT (Summary)
https://malware-log.hatenablog.com/entry/APT

 ◆Applications (Summary)

◆SolarWinds (Summary)
https://malware-log.hatenablog.com/entry/SolarWinds


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023