APT33 – Refined Kitten – IRAN

August 13, 2021
Reading Time: 2 mins read
in APT

APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.

Name: APT 33 (Mandiant), Elfin (Symantec), Magnallium (Dragos), Holmium (Microsoft), ATK 35 (Thales), Refined Kitten (CrowdStrike), TA451 (Proofpoint), Cobalt Trinity (SecureWorks)

Location: Iran

Suspected attribution: State-sponsored

Date of initial activity: 2013

Targets: Multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.

Motivation: Espionage

Associated tools: AutoCore, Cadlotcorg, Dello RAT, Imminent Monitor, KDALogger, Koadic, NanoCore, NetWire, PoshC2, POWERTON, Poylog, PupyRAT, Schoolbag

Attack vectors: APT33 has targeted organizations – spanning multiple industries – headquartered in the United States, Saudi Arabia and South Korea. APT33 has shown particular interest in organizations in the aviation sector involved in both military and commercial capacities, as well as organizations in the energy sector with ties to petrochemical production.

How they work: COBALT TRINITY has been active since at least 2015, and SecureWorks Counter Threat Unit (CTU) researchers assess with moderate confidence that the group operates on behalf of Iran. Known targets include U.S., UK, and Middle Eastern organizations in the government, defense, aerospace, legal, oil and gas, and energy verticals. However, broad campaigns have also been conducted that cut across multiple verticals. COBALT TRINITY has been observed using publicly available tools such as NanoCore, NetWire, PupyRAT, PoshC2, and Koadic. The threat group also uses a selection of custom tools such as POWERTON, Dello RAT, AutoCore, KDALogger, and Poylog.

In 2019, COBALT TRINITY was tentatively linked to the 2018 Middle Eastern Shamoon activity. The threat actors perform password-spraying attacks against a broad swath of companies and individuals and use a playbook when spearphishing intended targets. Between 2017 and 2019, CTU researchers observed multiple COBALT TRINITY campaigns using job-themed spearphishing to initiate a multi-staged PowerShell-based infection chain to deploy custom and publicly available RATs. The group’s objective appears to be gathering intelligence for military, political, and economic advantage. Broad password spraying is a favored tactic to obtain initial access, with organizations repeatedly targeted once they make it onto COBALT TRINITY’s radar.
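The password-spraying tactic described above has a distinctive shape in authentication logs: one source fails against many different accounts a few times each, the inverse of classic brute force against a single account. The following detector is an added example written for this profile, not code from the original page or from any vendor report it cites; the log format and the sample lines are constructed, and the thresholds are assumptions to be tuned per environment.

```python
"""Flag password-spraying patterns in failed-logon records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, outcome.
# 203.0.113.7 sprays six accounts once each; 198.51.100.9 hammers one account.
SAMPLE_LOG = """\
2021-08-13T09:00:01Z 203.0.113.7 alice FAIL
2021-08-13T09:00:03Z 203.0.113.7 bob FAIL
2021-08-13T09:00:05Z 203.0.113.7 carol FAIL
2021-08-13T09:00:07Z 203.0.113.7 dave FAIL
2021-08-13T09:00:09Z 203.0.113.7 erin FAIL
2021-08-13T09:00:11Z 203.0.113.7 frank FAIL
2021-08-13T09:00:13Z 203.0.113.7 grace SUCCESS
2021-08-13T09:05:00Z 198.51.100.9 alice FAIL
2021-08-13T09:05:02Z 198.51.100.9 alice FAIL
2021-08-13T09:05:04Z 198.51.100.9 alice FAIL
2021-08-13T09:05:06Z 198.51.100.9 alice FAIL
2021-08-13T09:05:08Z 198.51.100.9 alice FAIL
"""


def parse(line):
    """Split one constructed log line into (datetime, source, account, outcome)."""
    ts, src, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user, outcome


def detect_spray(log_text, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=2):
    """Return {source: {"accounts": n, "success": [accounts]}} for every source
    whose failures inside one sliding `window` hit at least `min_accounts`
    distinct accounts with no more than `max_per_account` tries each (the
    low-and-slow spray signature). Successful logons from a flagged source are
    listed so responders know which accounts to review first."""
    by_src = defaultdict(list)
    for ev in sorted(parse(l) for l in log_text.strip().splitlines()):
        by_src[ev[1]].append(ev)
    hits = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide window forward
                start += 1
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e[2]] += 1
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account
                    and len(per_user) > hits.get(src, {}).get("accounts", 0)):
                hits[src] = {"accounts": len(per_user),
                             "success": sorted({e[2] for e in evs if e[3] == "SUCCESS"})}
    return hits
```

Single-account brute force from 198.51.100.9 is deliberately not flagged here; it is a different signature that lockout policies already catch, whereas a spray stays under per-account lockout thresholds.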

Tags: Advanced Persistent Threat, APT 33, APT33, Iran, Refined Kitten