A group of cyber actors utilizing infrastructure located in Iran has been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia.
Also known as
Operation Cleaver, Op Cleaver, Tarh Andishan, Alibaba, TG-2889, Cobalt Gypsy, G0003, Hazel Sandstorm, EUROPIUM, APT34, OilRig, HELIX KITTEN, Crambus.
Actor metadata imported from Malpedia (Fraunhofer FKIE).