In June 2015, an incident in which personal information was leaked through a targeted attack on a public institution was widely reported. A year has passed since then, but targeted attacks (cyber espionage) against organizations in Japan continue to be observed, both before and after those reports. Many targeted attacks are far stealthier than indiscriminate attacks, so the victim organization often fails to notice the intrusion, or the attacker's continued presence, for a long time, and even once it is noticed, the incident is frequently not made public. The reported cases are therefore only the tip of the iceberg.

Macnica has therefore decided to take this opportunity to publish an analysis report, so that the incident of a year ago is not forgotten and the lessons learned can be applied in each organization's own cybersecurity measures.

In this report, Macnica analyzes attack campaigns that used the RAT (Remote Access Trojan) known as Emdivi, which was frequently observed between 2014 and 2015, and describes the methods (TTPs: Tactics, Techniques, and Procedures) used by the attackers. It also explains the TTPs that have traditionally been common in targeted attacks, and an approach to countermeasures that depends on the organization's security maturity.

Table of contents

1. Executive summary

2. Survey of Targeted Attack Campaigns: Threat Groups Using Emdivi

  • 2.1 Overview of Attacker Activities
  • 2.2 Attack Vectors
  • 2.3 RATs
  • 2.4 Decoy Files
  • 2.5 C&C
  • 2.6 Expansion of Intrusion
    • 2.6.1 Windows Commands
    • 2.6.2 Tools
  • 2.6.2 Identity of the Attacker

3. TTPs in targeted attacks

  • 3.1 Reconnaissance
  • 3.2 Weaponization
  • 3.3 Delivery
  • 3.4 Exploitation
  • 3.5 Installation
  • 3.6 C&C
  • 3.7 Expansion of Intrusion
  • 3.8 Actions on Objectives

4. Approach to Countermeasures

  • 4.1 Introduction
  • 4.2 Multi-layered Defense: The Cyber Kill Chain
  • 4.3 Why Countermeasures Must Assume Intrusion
  • 4.4 Unstoppable Security

Appendix

Emdivi RAT hash values

Download the report "Actual State of Targeted Attacks and Countermeasure Approaches, 1st edition" (10.1 MB, 38 pages)