Difference between revisions of "APT攻撃" (APT attacks)

Deleted content / Added content
Added group aliases
Added APT group information
Line 71:
! APT
! グループ名
! 別名・備考
! 出典
|-
| rowspan="1630" | [[中国]]
| APT1
| [[中国サイバー軍|中国人民解放軍61398部隊]]
| Comment Crew、Comment Panda、GIF89a、Byzantine Candor
| <ref name="fe-apt-groups">{{Cite web |url=https://www.fireeye.jp/current-threats/apt-groups.html |title=APT攻撃グループ |publisher=[[ファイア・アイ]] |date= |accessdate=2022-01-17}}</ref>
|
|-
| APT2
Line 87:
| APT3
| Buckeye
| UPS Team<ref name="fe-apt-groups" />
|
| <ref name="Symantec2019">{{cite web|url=https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit|date=2019-05-07|title=Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak|publisher=[[NortonLifeLock|Symantec]]|url-status=live|archive-url=https://archive.today/20190507054409/https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit|archive-date=2019-05-07|access-date=2019-07-23}}</ref>
|-
| APT4
|
| Maverick Panda、Sykipot Group、Wisp
| <ref name="fe-apt-groups" />
|-
| APT6
|
|
| <ref name="fe-apt-groups" />
| -
| APT7
|
|
| <ref name="fe-apt-groups" />
| -
| APT8
|
|
| <ref name="fe-apt-groups" />
|-
| APT9
|
|
| <ref name="fe-apt-groups" />
|-
| APT10
| {{仮リンク|Red Apollo|en|Red Apollo}}
| APT10 (by Mandiant)、MenuPass (by [[ファイア・アイ]])、Stone Panda (by Crowdstrike)、POTASSIUM (by [[マイクロソフト]])
| <ref>{{Cite web|title=APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat|url=https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html|access-date=2021-03-07|website=FireEye|language=en}}</ref><ref>{{Cite web|last=Kozy|first=Adam|date=2018-08-30|title=Two Birds, One STONE PANDA|url=https://www.crowdstrike.com/blog/two-birds-one-stone-panda/|access-date=2021-03-07|language=en-US}}</ref>
|
|-
| APT12
| {{仮リンク|Numbered Panda|en|Numbered Panda}}
| Calc Team
| <ref name="fe-apt-groups" />
|-
| APT14
|
|
| <ref name="fe-apt-groups" />
|-
| APT15
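Review bot: the row separators before the APT7 and APT8 rows are written as "| -" with a space, which MediaWiki parses as a table cell containing a hyphen instead of a new row, so APT6, APT7 and APT8 would run together in one row. Change both to "|-" as used for every other row in this table.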
Line 104 ⟶ 134:
| KE3CHANG、Vixen Panda、Royal APT、Playful Dragon
| <ref>{{Cite web |url=https://japan.zdnet.com/article/35180478/ |title=MS、中国APTグループ「Nickel」が攻撃に使用していたドメインを押収 |publisher=ZDNet Japan |date=2021-12-07 |accessdate=2022-01-04}}</ref>
|-
| APT16
|
|
| <ref name="fe-apt-groups" />
|-
| APT17
| Tailgator Team、DeputyDog
|
| <ref name="fe-apt-groups" /><ref>{{cite news |url=https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf |title=APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic |work=[[FireEye]] |date=May 2015 }}</ref><br />
|-
| APT18
| Wekby
|
| <ref name="fe-apt-groups" />
|-
| APT19
Line 117 ⟶ 157:
| APT20
| Wocao
| Twivy<ref name="fe-apt-groups" />
|
| <ref name="fox-it2019">{{cite web |url=https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf |title=Wocao APT20 |work=fox-it.com |date=2019-12-19 |first1=Maarten |last1=van Dantzig |first2=Erik |last2=Schamper |publisher=[[NCC Group]] |accessdate=2022-01-04 }}</ref><ref>{{cite web |last1=Vijayan |first1=Jai |title=China-Based Cyber Espionage Group Targeting Orgs in 10 Countries |url=https://www.darkreading.com/attacks-breaches/china-based-cyber-espionage-group-targeting-orgs-in-10-countries/d/d-id/1336676 |date=December 19, 2019 |website=www.darkreading.com |publisher=Dark Reading |access-date=12 January 2020}}</ref>
|-
| APT21
| Zhenbao
|
| <ref name="fe-apt-groups" />
|-
| APT22
| Barista
|
| <ref name="fe-apt-groups" />
|-
| APT23
|
|
| <ref name="fe-apt-groups" />
|-
| APT24
| PittyTiger
|
| <ref name="fe-apt-groups" />
|-
| APT25
| Uncool、Vixen Panda、Ke3chang、Sushi Roll、Tor
|
| <ref name="fe-apt-groups" />
|-
| APT26
|
|
| <ref name="fe-apt-groups" />
|-
| APT27
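Review bot: the APT25 row lists Vixen Panda and Ke3chang among its names, but the same two names already appear on the APT15 row earlier in the table (KE3CHANG、Vixen Panda). Check the cited fe-apt-groups source for which entry they belong to, or add a remark explaining why both rows carry them. The new names for APT21 through APT25 also sit in the group-name column, while the APT4 row puts comparable names in the alias column; pick one column for vendor aliases.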
Line 158 ⟶ 228:
| APT33
| {{仮リンク|Elfin Team|en|Elfin Team}}
| Refined Kitten(by Crowdstrike)、マグナリウム (by Dragos)、ホルミウム (by [[マイクロソフト]])
| <ref>{{Cite web|url=https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage|title=Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. |accessdate=2022-01-04}}</ref><ref>{{Cite web|url=https://dragos.com/resource/magnallium/|title=MAGNALLIUM &#124; Dragos|date=30 May 2020 |accessdate=2022-01-04}}</ref><ref>{{Cite web|url=https://www.apnews.com/c5e1d8f79e86460fbfbd4d36ae348156|title = Microsoft says Iran-linked hackers targeted businesses|date = 6 March 2019 |accessdate=2022-01-04}}</ref>
|
|-
| APT34
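Review bot: in the APT33 alias cell the Dragos and Microsoft names are given in katakana (マグナリウム, ホルミウム), while the APT10 row keeps Microsoft's name in its original spelling (POTASSIUM). Use the vendors' own spellings here too (the cited Dragos page title gives MAGNALLIUM) so the aliases stay searchable, and add the missing space in "Refined Kitten(by Crowdstrike)".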
Line 206 ⟶ 276:
| APT28
| {{仮リンク|ファンシー・ベア|en|Fancy Bear}}
| Fancy Bear、APT28 (by [[Mandiant]])、Pawn Storm、Sofacy Group (by [[Kaspersky Lab|Kaspersky]])、Sednit、Tsar Team (by [[ファイア・アイ]])、ストロンチウム (by [[マイクロソフト]])
| <ref name="db072018">{{cite news |last1=Poulson |first1=Kevin |title=Mueller Finally Solves Mysteries About Russia's 'Fancy Bear' Hackers |url=https://www.thedailybeast.com/mueller-finally-solves-mysteries-about-russias-fancy-bear-hackers |website=The Daily Beast |date=21 July 2018 |access-date=21 July 2018}}</ref><ref name = "Critical Infrastructure Security and Resilience: Theories, Methods, Tools ..._2019">{{ cite book | title = Critical Infrastructure Security and Resilience: Theories, Methods, Tools ... | url = https://books.google.com/books?id=zAuCDwAAQBAJ&q=APT28%2C+RED+October | publisher = Springer, 2019 | author = DimitrisGritzalis,Marianthi Theocharidou,George Stergiopoulos | isbn = 9783030000240 | language = en | date = 2019-01-10 }}</ref>
|
|-
| APT29
Line 216 ⟶ 286:
|
| {{仮リンク|サンドワーム|en|Sandworm (hacker group)}}
| Unit 74455、Telebots、Voodoo Bear、Iron Viking
| Unit 74455、Telebots、Voodoo Bear、Iron Viking<ref name=DOJ1>{{cite news |author=<!--Staff writer(s)/no by-line.--> |title=Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace |url=https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and |work=DOJ Office of Public Affairs |agency=[[United States Department of Justice]] |date=October 19, 2020 |access-date=July 23, 2021}}</ref>
|
|-
|
| {{仮リンク|ベルセルク・ベア|en|Berserk Bear}}
| Crouching Yeti、Dragonfly、Dragonfly 2.0、DYMALLOY、Energetic Bear、Havex、IRON LIBERTY、Koala、TeamSpy
| <ref name="mitre">{{Cite web|url=https://attack.mitre.org/groups/G0074/|title=Dragonfly 2.0, IRON LIBERTY, DYMALLOY, Berserk Bear, Group G0074 &#124; MITRE ATT&CK®|website=attack.mitre.org |accessdate=2022-01-04}}</ref><ref name="bc-2020-10-22">{{Cite web|url=https://www.bleepingcomputer.com/news/security/russian-state-hackers-stole-data-from-us-government-networks/|title=Russian state hackers stole data from US government networks|website=BleepingComputer |accessdate=2022-01-04}}</ref><ref name="at-2020-12-07">{{Cite web|url=https://arstechnica.com/information-technology/2020/12/nsa-says-russian-state-hackers-are-using-a-vmware-flaw-to-ransack-networks/|title=NSA says Russian state hackers are using a VMware flaw to ransack networks|first=Dan|last=Goodin|date=December 7, 2020|website=Ars Technica |accessdate=2022-01-04}}</ref>
|
|-
|
Line 243 ⟶ 313:
|
| SandCat
| [[ウズベキスタン国家保安庁]]と関係がある。
| <ref>{{cite web |last1=Gallagher |first1=Sean |title=Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV |url=https://arstechnica.com/information-technology/2019/10/kaspersky-finds-uzbekistan-hacking-opbecause-they-used-kaspersky-av/ |website=arstechnica.com |date=3 October 2019 |publisher=Ars Technica |access-date=5 October 2019}}</ref>
|-
Line 251 ⟶ 321:
|
| <ref>{{cite web |last1=Panda |first1=Ankit |title=Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19 |url=https://thediplomat.com/2020/04/offensive-cyber-capabilities-and-public-health-intelligence-vietnam-apt32-and-covid-19/ |website=thediplomat.com |publisher=The Diplomat |access-date=29 April 2020}}</ref><ref>{{cite news |title=Lined up in the sights of Vietnamese hackers |url=https://web.br.de/interaktiv/ocean-lotus/en/ |first1=Hakan |last1=Tanriverdi |first2=Max |last2=Zierer |first3=Ann-Kathrin |last3=Wetter |first4=Kai |last4=Biermann |first5=Thi Do |last5=Nguyen |publisher=[[Bayerischer Rundfunk]] |date=October 8, 2020 |editor-first=Verena |editor-last=Nierle |editor2-first=Robert |editor2-last=Schöffel |editor3-first=Lisa |editor3-last=Wreschniok |quote=In Bui’s case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.}}</ref>
|-
| 不明
| APT5
|
|
| <ref name="fe-apt-groups" />
|}