
🇮🇷 Iran APT

Iranian Advanced Persistent Threat (APT) groups are known for their sophisticated cyber-espionage and cyber-attack capabilities. These groups often target governmental, military, and economic sectors, both within Iran and internationally. Here’s an overview of some notable Iranian APT groups and their activities:

Notable Iranian APT Groups

  1. APT33 (Elfin, Magnallium)

    • Aliases: Elfin, Magnallium, APT33

    • Affiliation: Iranian government interests

    • Targets: Aerospace, energy, and petrochemical industries.

    • Notable Activities:

      • Cyber-Espionage: Engaged in campaigns targeting sensitive information in the aerospace and energy sectors.

      • Destructive Attacks: Involved in attacks on industrial control systems and critical infrastructure.

  2. APT34 (OilRig, Helix)

    • Aliases: OilRig, Helix, APT34

    • Affiliation: Iranian government interests

    • Targets: Financial, energy, and telecommunications sectors.

    • Notable Activities:

      • Espionage and Data Theft: Focused on stealing intellectual property and disrupting economic operations.

      • Phishing and Malware: Uses phishing and custom malware for data exfiltration and espionage.

  3. APT35 (Charming Kitten, Phosphorus)

    • Aliases: Charming Kitten, Phosphorus, Ajax Security Team

    • Affiliation: Iranian government interests

    • Targets: Government officials, political organizations, and academic institutions.

    • Notable Activities:

      • Cyber-Espionage: Targets individuals and organizations involved in political and policy-making processes.

      • Social Engineering: Employs phishing and social engineering to gain access to sensitive information.

  4. APT39

    • Aliases: None listed; attribution is still under investigation, with suspected links to Iranian interests

    • Affiliation: Likely Iranian government interests

    • Targets: Government officials, political figures, and organizations in various sectors.

    • Notable Activities:

      • Espionage: Engages in targeted cyber-espionage operations to gather sensitive political and strategic information.

  5. APT40

    • Aliases: OceanLotus, Stardust Chollima

    • Affiliation: Primarily Chinese, but has shown interactions with Iranian operations.

    • Targets: Aerospace, energy, and petrochemical industries.

    • Notable Activities:

      • Industrial Espionage: Conducts operations to steal intellectual property and disrupt operations in targeted sectors.

Characteristics and Tactics

  • Phishing and Spear-Phishing: Commonly use phishing emails and social engineering to trick targets into disclosing sensitive information or installing malware.

  • Custom Malware: Development and use of bespoke malware tailored for specific espionage and sabotage purposes.

  • Cyber-Espionage: Focus on gathering intelligence related to political, economic, and military interests, often targeting sensitive information and critical infrastructure.
