Difference between revisions of "APT攻撃"

Content deleted Content added
Translated en:Advanced persistent threat#APT groups (01:41, 9 December 2021 UTC)
Changed to a table
Line 68:
=== 中国 ===
 
{| class="wikitable sortable plainrowheaders" style="font-size:small;"
* [[PLA Unit 61398]] (APT1)
|-
* [[PLA Unit 61486]] (APT2)
! 国名
* [[Boyusec|Buckeye]] (APT3)<ref name="Symantec2019">{{cite web|url=https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit|date=2019-05-07|title=Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak|publisher=[[NortonLifeLock|Symantec]]|url-status=live|archive-url=https://archive.today/20190507054409/https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit|archive-date=2019-05-07|access-date=2019-07-23}}</ref>
! APT
* [[Red Apollo]] (APT10)
! グループ名
*[[Numbered Panda]] (APT12)
! 別名・備考
*DeputyDog (APT17)<ref>{{cite news |url=https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf |title=APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic |work=[[FireEye]] |date=May 2015 }}</ref>
! 出典
* [[Codoso Team]] (APT19)
|-
* Wocao (APT20)<ref name="fox-it2019">{{cite web |url=https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf |title=Wocao APT20 |work=fox-it.com |date=2019-12-19 |first1=Maarten |last1=van Dantzig |first2=Erik |last2=Schamper |publisher=[[NCC Group]] }}</ref><ref>{{cite web |last1=Vijayan |first1=Jai |title=China-Based Cyber Espionage Group Targeting Orgs in 10 Countries |url=https://www.darkreading.com/attacks-breaches/china-based-cyber-espionage-group-targeting-orgs-in-10-countries/d/d-id/1336676 |date=December 19, 2019 |website=www.darkreading.com |publisher=Dark Reading |access-date=12 January 2020}}</ref>
| rowspan="15" | [[中国]]
* APT 27<ref>{{cite web |last1=Lyngaas |first1=Sean |title=Chinese hackers posed as Iranians to breach Israeli targets, FireEye says |url=https://www.cyberscoop.com/china-israel-iran-fireeye-hacking/ |website=www.cyberscoop.com |date=10 August 2021 |access-date=15 August 2021}}</ref>
| APT1
* [[PLA Unit 78020]] (APT30 and [[Naikon]])
| [[中国サイバー軍]]
* Zirconium<ref>{{cite web |last1=Lyngaas |first1=Sean |title=Right country, wrong group? Researchers say it wasn't APT10 that hacked Norwegian software firm |url=https://www.cyberscoop.com/apt10-apt31-recorded-future-rapid7-china/ |date=February 12, 2019 |website=www.cyberscoop.com |publisher=Cyberscoop |access-date=16 October 2020}}</ref> (APT31)<ref>{{cite web |last1=Lyngaas |first1=Sean |title=Google offers details on Chinese hacking group that targeted Biden campaign |url=https://www.cyberscoop.com/biden-chinese-hacking-google-security-russia/ |date=October 16, 2020 |website=Cyberscoop |access-date=16 October 2020}}</ref>
|
* [[Periscope Group]] (APT40)
|
* [[Double Dragon (hacking organization)|Double Dragon]]<ref name="fireeye2019">{{cite web|url=https://content.fireeye.com/apt-41/rpt-apt41/ |title=Double Dragon APT41, a dual espionage and cyber crime operation |work=[[FireEye]] |date=2019-10-16 |access-date=2020-04-14 }}</ref> (APT41, Winnti Group, Barium, or Axiom)<ref>{{cite web |title=Bureau names ransomware culprits |url=https://www.taipeitimes.com/News/taiwan/archives/2020/05/17/2003736564 |date=May 17, 2020 |website=www.taipeitimes.com |publisher=Taipei Times |access-date=22 May 2020}}</ref><ref>{{cite web |last1=Tartare |first1=Mathieu |last2=Smolár |first2=Martin |title=No "Game over" for the Winnti Group |url=https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ |website=www.welivesecurity.com |date=21 May 2020 |publisher=We Live Security |access-date=22 May 2020}}</ref><ref>{{cite magazine |last1=Greenberg |first1=Andy |title=Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry |url=https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/ |magazine=Wired |date=August 6, 2020 |access-date=7 August 2020}}</ref>
|-
* Tropic Trooper<ref>{{cite web |last1=Chen |first1=Joey |title=Tropic Trooper's Back: USBferry Attack Targets Air-gapped Environments |url=https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments/ |website=blog.trendmicro.com |date=12 May 2020 |publisher=Trend Micro |access-date=16 May 2020}}</ref><ref>{{cite web |last1=Cimpanu |first1=Catalin |title=Hackers target the air-gapped networks of the Taiwanese and Philippine military |url=https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/ |website=[[ZDnet]] |access-date=16 May 2020}}</ref>
| APT2
* [[Hafnium (group)|Hafnium]]<ref>{{cite web |last=Naraine |first=Ryan |title=Microsoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking Group |date=2021-03-02|language=English|url=https://www.securityweek.com/microsoft-4-exchange-server-zero-days-under-attack-chinese-apt-group |website=securityweek.com |publisher=Wired Business Media |access-date=2021-03-03}}</ref><ref>{{cite web |last=Burt|first=Tom |title=New nation-state cyberattacks |date=2021-03-02|language=English|url=https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/ |website=blogs.microsoft.com |publisher=Microsoft |access-date=2021-03-03}}</ref>
| PLA Unit 61486
 
|
=== イラン ===
|
* [[Elfin Team]] (APT33)
|-
* [[Helix Kitten]] (APT34)
| APT3
* [[Charming Kitten]] (APT35)
| Buckeye
* APT39
|
* Pioneer Kitten<ref>{{Cite web|url=https://threatpost.com/pioneer-kitten-apt-sells-corporate-network-access/158833/|title=Pioneer Kitten APT Sells Corporate Network Access|website=threatpost.com}}</ref>
| <ref name="Symantec2019">{{cite web|url=https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit|date=2019-05-07|title=Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak|publisher=[[NortonLifeLock|Symantec]]|url-status=live|archive-url=https://archive.today/20190507054409/https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit|archive-date=2019-05-07|access-date=2019-07-23}}</ref>
 
|-
=== イスラエル ===
| ATP10
* [[Unit 8200]]
| Red Apollo
 
|
=== 北朝鮮 ===
|
* [[Kimsuky]]
|-
* [[Lazarus Group]] (APT38)
| ATP12
* [[Ricochet Chollima]] (APT37)
| Numbered Panda
 
|
=== ロシア ===
|
* [[Fancy Bear]] (APT28)
|-
* [[Cozy Bear]] (APT29)
| APT17
* [[Sandworm (hacker group)|Sandworm]]
| DeputyDog
* [[Berserk Bear]]
|
* [[FIN7]]
| <ref>{{cite news |url=https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf |title=APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic |work=[[FireEye]] |date=May 2015 }}</ref><br />
* [[Venomous Bear]]
|-
 
| ATP19
=== アメリカ ===
| Codoso Team
* [[Equation Group]]<ref name="KasperskyLab2015">{{cite web|url=https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/|title=Equation: The Death Star of Malware Galaxy|date=2015-02-16|access-date=2019-07-23|archive-date=2019-07-11|url-status=live|archive-url=https://web.archive.org/web/20190711082936/https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/|publisher=[[Kaspersky Lab]]}}</ref>
|
 
|
=== ウズベキスタン ===
|-
* SandCat ([[ウズベキスタン]]の国家安全保障局と関係がある)<ref>{{cite web |last1=Gallagher |first1=Sean |title=Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV |url=https://arstechnica.com/information-technology/2019/10/kaspersky-finds-uzbekistan-hacking-opbecause-they-used-kaspersky-av/ |website=arstechnica.com |date=3 October 2019 |publisher=Ars Technica |access-date=5 October 2019}}</ref>
| ATP20
 
| Wocao
=== ベトナム ===
|
* [[OceanLotus]] ([[APT32]])<ref>{{cite web |last1=Panda |first1=Ankit |title=Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19 |url=https://thediplomat.com/2020/04/offensive-cyber-capabilities-and-public-health-intelligence-vietnam-apt32-and-covid-19/ |website=thediplomat.com |publisher=The Diplomat |access-date=29 April 2020}}</ref><ref>{{cite news |title=Lined up in the sights of Vietnamese hackers |url=https://web.br.de/interaktiv/ocean-lotus/en/ |first1=Hakan |last1=Tanriverdi |first2=Max |last2=Zierer |first3=Ann-Kathrin |last3=Wetter |first4=Kai |last4=Biermann |first5=Thi Do |last5=Nguyen |publisher=[[Bayerischer Rundfunk]] |date=October 8, 2020 |editor-first=Verena |editor-last=Nierle |editor2-first=Robert |editor2-last=Schöffel |editor3-first=Lisa |editor3-last=Wreschniok |quote=In Bui’s case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.}}</ref>
| <ref name="fox-it2019">{{cite web |url=https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf |title=Wocao APT20 |work=fox-it.com |date=2019-12-19 |first1=Maarten |last1=van Dantzig |first2=Erik |last2=Schamper |publisher=[[NCC Group]] |accessdate=2022-01-04 }}</ref><ref>{{cite web |last1=Vijayan |first1=Jai |title=China-Based Cyber Espionage Group Targeting Orgs in 10 Countries |url=https://www.darkreading.com/attacks-breaches/china-based-cyber-espionage-group-targeting-orgs-in-10-countries/d/d-id/1336676 |date=December 19, 2019 |website=www.darkreading.com |publisher=Dark Reading |access-date=12 January 2020}}</ref>
|-
| APT27
|
|
| <ref>{{cite web |last1=Lyngaas |first1=Sean |title=Chinese hackers posed as Iranians to breach Israeli targets, FireEye says |url=https://www.cyberscoop.com/china-israel-iran-fireeye-hacking/ |website=www.cyberscoop.com |date=10 August 2021 |access-date=15 August 2021}}</ref>
|-
| ATP30
| PLA Unit 78020
| Naikon
|
|-
| ATP31
| Zirconium
|
| <ref>{{cite web |last1=Lyngaas |first1=Sean |title=Right country, wrong group? Researchers say it wasn't APT10 that hacked Norwegian software firm |url=https://www.cyberscoop.com/apt10-apt31-recorded-future-rapid7-china/ |date=February 12, 2019 |website=www.cyberscoop.com |publisher=Cyberscoop |access-date=16 October 2020}}</ref><ref>{{cite web |last1=Lyngaas |first1=Sean |title=Google offers details on Chinese hacking group that targeted Biden campaign |url=https://www.cyberscoop.com/biden-chinese-hacking-google-security-russia/ |date=October 16, 2020 |website=Cyberscoop |access-date=16 October 2020}}</ref>
|-
| ATP40
| Periscope Group
|
|
|-
| ATP41
| Double Dragon
| Winnti Group、Barium、Axiom
| <ref name="fireeye2019">{{cite web|url=https://content.fireeye.com/apt-41/rpt-apt41/ |title=Double Dragon APT41, a dual espionage and cyber crime operation |work=[[FireEye]] |date=2019-10-16 |access-date=2020-04-14 }}</ref><ref>{{cite web |title=Bureau names ransomware culprits |url=https://www.taipeitimes.com/News/taiwan/archives/2020/05/17/2003736564 |date=May 17, 2020 |website=www.taipeitimes.com |publisher=Taipei Times |access-date=22 May 2020}}</ref><ref>{{cite web |last1=Tartare |first1=Mathieu |last2=Smolár |first2=Martin |title=No "Game over" for the Winnti Group |url=https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ |website=www.welivesecurity.com |date=21 May 2020 |publisher=We Live Security |access-date=22 May 2020}}</ref><ref>{{cite magazine |last1=Greenberg |first1=Andy |title=Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry |url=https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/ |magazine=Wired |date=August 6, 2020 |access-date=7 August 2020}}</ref>
|-
|
| Tropic Trooper
|
| <ref>{{cite web |last1=Chen |first1=Joey |title=Tropic Trooper's Back: USBferry Attack Targets Air-gapped Environments |url=https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments/ |website=blog.trendmicro.com |date=12 May 2020 |publisher=Trend Micro |access-date=16 May 2020}}</ref><ref>{{cite web |last1=Cimpanu |first1=Catalin |title=Hackers target the air-gapped networks of the Taiwanese and Philippine military |url=https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/ |website=[[ZDnet]] |access-date=16 May 2020}}</ref>
|-
|
| Hafnium
|
| <ref>{{cite web |last=Naraine |first=Ryan |title=Microsoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking Group |date=2021-03-02|language=English|url=https://www.securityweek.com/microsoft-4-exchange-server-zero-days-under-attack-chinese-apt-group |website=securityweek.com |publisher=Wired Business Media |access-date=2021-03-03}}</ref><ref>{{cite web |last=Burt|first=Tom |title=New nation-state cyberattacks |date=2021-03-02|language=English|url=https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/ |website=blogs.microsoft.com |publisher=Microsoft |access-date=2021-03-03}}</ref>
|-
| rowspan="5" | [[イラン]]
| APT33
| Elfin Team
|
|
|-
| APT34
| Helix Kitten
|
|
|-
| APT35
| Charming Kitten
|
|
|-
| APT39
|
|
|
|-
|
| Pioneer Kitten
|
| <ref>{{Cite web|url=https://threatpost.com/pioneer-kitten-apt-sells-corporate-network-access/158833/|title=Pioneer Kitten APT Sells Corporate Network Access|website=threatpost.com |accessdate=2022-01-04}}</ref>
|-
| [[イスラエル]]
|
| [[8200部隊]]
|
|
|-
| rowspan="3" | [[北朝鮮]]
|
| Kimsuky
|
|
|-
| APT37
| Ricochet Chollima
|
|
|-
| APT38
| [[ラザルスグループ]]
|
|
|-
| rowspan="6" | [[ロシア]]
| APT28
| Fancy Bear
|
|
|-
| APT29
| Cozy Bear
|
|
|-
|
| Sandworm
|
|
|-
|
| Berserk Bear
|
|
|-
|
| FIN7
|
|
|-
|
| Venomous Bear
|
|
|-
| [[アメリカ]]
|
| [[イクエーション・グループ]]
|
| <ref name="KasperskyLab2015">{{cite web|url=https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/|title=Equation: The Death Star of Malware Galaxy|date=2015-02-16|access-date=2019-07-23|archive-date=2019-07-11|url-status=live|archive-url=https://web.archive.org/web/20190711082936/https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/|publisher=[[Kaspersky Lab]]}}</ref>
|-
| [[ウズベキスタン]]
|
| SandCat
| [[ウズベキスタン国家保安庁]]と関係がある。
| <ref>{{cite web |last1=Gallagher |first1=Sean |title=Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV |url=https://arstechnica.com/information-technology/2019/10/kaspersky-finds-uzbekistan-hacking-opbecause-they-used-kaspersky-av/ |website=arstechnica.com |date=3 October 2019 |publisher=Ars Technica |access-date=5 October 2019}}</ref>
|-
| [[ベトナム]]
| APT32
| OceanLotus
|
| <ref>{{cite web |last1=Panda |first1=Ankit |title=Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19 |url=https://thediplomat.com/2020/04/offensive-cyber-capabilities-and-public-health-intelligence-vietnam-apt32-and-covid-19/ |website=thediplomat.com |publisher=The Diplomat |access-date=29 April 2020}}</ref><ref>{{cite news |title=Lined up in the sights of Vietnamese hackers |url=https://web.br.de/interaktiv/ocean-lotus/en/ |first1=Hakan |last1=Tanriverdi |first2=Max |last2=Zierer |first3=Ann-Kathrin |last3=Wetter |first4=Kai |last4=Biermann |first5=Thi Do |last5=Nguyen |publisher=[[Bayerischer Rundfunk]] |date=October 8, 2020 |editor-first=Verena |editor-last=Nierle |editor2-first=Robert |editor2-last=Schöffel |editor3-first=Lisa |editor3-last=Wreschniok |quote=In Bui’s case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.}}</ref>
|}
 
== 関連項目 ==
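
Review bot: The APT column of the new table misspells the designation as "ATP" in eight rows (ATP10, ATP12, ATP19, ATP20, ATP30, ATP31, ATP40, ATP41), where the removed list had APT10, APT12, APT19, APT20, APT30, APT31, APT40 and APT41. These should read "APT", both for accuracy and because the table is declared sortable, so the misspelled cells will sort apart from APT1, APT2, APT3, APT17 and APT27. The conversion also drops the wiki links that the list carried for most group names (for example [[Boyusec|Buckeye]], [[Red Apollo]], [[Fancy Bear]] and [[Kimsuky]] become plain text), so I would restore them in the group-name column. The reference cell of the APT17 row ends with a stray <br /> that can be removed. The rowspan values (15, 5, 3, 6) do match the number of rows under each country.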