APT33 – Refined Kitten – IRAN

August 13, 2021
in APT

APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.

Name: APT 33 (Mandiant), Elfin (Symantec), Magnallium (Dragos), Holmium (Microsoft), ATK 35 (Thales), Refined Kitten (CrowdStrike), TA451 (Proofpoint), Cobalt Trinity (SecureWorks)

Location: Iran

Suspected attribution: State-sponsored

Date of initial activity: 2013

Targets: Multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.

Motivation: Espionage

Associated tools: AutoCore, Cadlotcorg, Dello RAT, Imminent Monitor, KDALogger, Koadic, NanoCore, NetWire, PoshC2, POWERTON, Poylog, PupyRAT, Schoolbag

Attack vectors: APT33 has targeted organizations – spanning multiple industries – headquartered in the United States, Saudi Arabia and South Korea. APT33 has shown particular interest in organizations in the aviation sector involved in both military and commercial capacities, as well as organizations in the energy sector with ties to petrochemical production.

How they work: COBALT TRINITY (the SecureWorks name for this group) has been active since at least 2015, and SecureWorks Counter Threat Unit (CTU) researchers assess with moderate confidence that the group operates on behalf of Iran. Known targets include U.S., UK, and Middle Eastern organizations in the government, defense, aerospace, legal, oil and gas, and energy verticals. However, broad campaigns have also been conducted that cut across multiple verticals. COBALT TRINITY has been observed using publicly available tools such as NanoCore, NetWire, PupyRAT, PoshC2, and Koadic. The threat group also uses a selection of custom tools such as Powerton, Dello RAT, AutoCore, KDALogger, and PoyLog.

In 2019, COBALT TRINITY was tentatively linked to the 2018 Middle Eastern Shamoon activity. The threat actors perform password-spraying attacks against a broad swath of companies and individuals and use a playbook when spearphishing intended targets. Between 2017 and 2019, CTU researchers observed multiple COBALT TRINITY campaigns using job-themed spearphishing to initiate a multi-staged PowerShell-based infection chain to deploy custom and publicly available RATs. The group’s objective appears to be gathering intelligence for military, political, and economic advantage. Broad password spraying is a favored tactic to obtain initial access, with organizations repeatedly targeted once they make it onto COBALT TRINITY’s radar.
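The initial-access tactic described above (broad password spraying: few attempts per account, many accounts from one source) has a distinctive shape in authentication logs that is the opposite of a classic brute force against a single account. The following detector is an added example written for this page, not code from CyberMaterial or SecureWorks. It parses constructed sample log lines in an assumed format (`<timestamp> <FAIL|OK> user=<name> src=<ip>`), flags sources that fail against many distinct accounts with few tries each inside a sliding time window, and records any successful logon from the same source after the spray began, which is the case that needs immediate response. The thresholds (`min_accounts`, `max_per_account`, `window`) are illustrative starting points, not values from the page.

```python
"""Password-spray detection over authentication log lines (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry). Assumed format:
# <ISO-8601 UTC timestamp> <FAIL|OK> user=<account> src=<source IP>
SAMPLE_LOG = """\
2021-08-13T09:00:01Z FAIL user=alice src=203.0.113.10
2021-08-13T09:00:03Z FAIL user=bob src=203.0.113.10
2021-08-13T09:00:05Z FAIL user=carol src=203.0.113.10
2021-08-13T09:00:07Z FAIL user=dave src=203.0.113.10
2021-08-13T09:00:09Z FAIL user=erin src=203.0.113.10
2021-08-13T09:00:11Z FAIL user=frank src=203.0.113.10
2021-08-13T09:00:13Z OK   user=grace src=203.0.113.10
2021-08-13T09:05:00Z FAIL user=alice src=198.51.100.7
2021-08-13T09:05:02Z FAIL user=alice src=198.51.100.7
2021-08-13T09:05:04Z FAIL user=alice src=198.51.100.7
2021-08-13T09:05:06Z FAIL user=alice src=198.51.100.7
2021-08-13T09:05:08Z FAIL user=alice src=198.51.100.7
2021-08-13T09:05:10Z FAIL user=alice src=198.51.100.7
2021-08-13T10:30:00Z FAIL user=bob src=192.0.2.55
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>FAIL|OK)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_log(text):
    """Return a list of (timestamp, result, user, src) tuples; skip unparsable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Flag sources whose failures hit many distinct accounts with few tries each.

    A single account hammered many times (classic brute force) is deliberately
    NOT flagged here; that is a different rule with a different threshold.
    """
    fails = defaultdict(list)   # src -> [(ts, user)] for FAIL events
    oks = defaultdict(list)     # src -> [(ts, user)] for OK events
    for ts, result, user, src in events:
        (fails if result == "FAIL" else oks)[src].append((ts, user))

    alerts = {}
    for src, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            per_user = Counter(u for _, u in attempts[start:end + 1])
            if len(per_user) < min_accounts or max(per_user.values()) > max_per_account:
                continue
            first_ts, last_ts = attempts[start][0], attempts[end][0]
            # Keep the widest qualifying window seen for this source.
            if src in alerts and len(per_user) <= len(alerts[src]["accounts"]):
                continue
            # Any successful logon from this source after the spray began is the
            # high-severity case: the spray may have landed a valid credential.
            success_users = sorted({u for ts, u in oks.get(src, []) if ts >= first_ts})
            alerts[src] = {
                "accounts": sorted(per_user),
                "window_start": first_ts.isoformat(),
                "window_end": last_ts.isoformat(),
                "success_after_spray": success_users,
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(src, info)
```

On the constructed sample, only 203.0.113.10 is flagged (six accounts, one failure each, followed by a successful logon as `grace`); 198.51.100.7 fails six times against one account and is left for a separate brute-force rule. In production, the same logic runs over VPN, OWA or identity-provider sign-in logs, and the source key is often a user agent or ASN rather than a single IP, because sprays are commonly spread across many addresses.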

Tags: Advanced Persistent Threat, APT 33, APT33, Iran, Refined Kitten
    © 2025 | CyberMaterial | All rights reserved
