Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home panic

APT34 – Helix Kitten – IRAN

August 13, 2021
Reading Time: 2 mins read
in APT
APT34 – Helix Kitten – IRAN

Fireeye believe APT34 is involved in a long-term cyber espionage operation largely focused on reconnaissance efforts to benefit Iranian nation-state interests and has been operational since at least 2014. We assess that APT34 works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.

Name: OilRig (Palo Alto) APT 34 (FireEye) Helix Kitten (CrowdStrike) Twisted Kitten (CrowdStrike) Crambus (Symantec) Chrysene (Dragos) Cobalt Gypsy (SecureWorks) TA452 (Proofpoint) IRN2 (Area 1) ATK 40 (Thales) ITG13 (IBM)

Location:  Iran

Suspected attribution: State-sponsored

Date of initial activity:  2014

Targets: Private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists

Motivation:  Espionage

Associated tools: Glimpse, Helminth, Jason, MacDownloader, PoisonFrog, PupyRAT, RGDoor, ThreeDollars, TinyZbot, Toxocara, Trichuris, TwoFace, Webmask, ZeroCleare, Living off the Land.

Attack vectors:  Shamoon Attacks: W32.Disttrack is a new threat that is being used in specific targeted attacks against at least one organization in the energy sector. It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable. Target: Saudi Aramco and Rasgas.

How they work: In its latest campaign, APT34 leveraged the recent Microsoft Office vulnerability CVE-2017-11882 to deploy POWRUNER and BONDUPDATER.

COBALT GYPSY has been active since at least 2015, targeting MENA-based or affiliated organizations in the telecommunications, government, defense, oil and financial services verticals. CTU researchers assess with moderate confidence that COBALT GYPSY operates on behalf of Iran.

The group often uses spearphishing, with academic or employment related themes, to infect targets, many of whom are identified and approached via social media sites. COBALT GYPSY also performs broad phishing operations against global government, energy, oil/gas, aviation, and nuclear organizations, as well as against defense contractors. The group has deployed a range of custom remote access trojans (Helminth, Toxocara, Trichuris) and webshells (TwoFace, ThreeDollars). CTU researchers track a number of related but distinct groups with tradecraft or infrastructure similarities to COBALT GYPSY. These groups include COBALT EDGEWATER, COBALT KATANA and COBALT LYCEUM.

Tags: Advanced Persistent ThreatAPT 34APT34Helix KittenIran
ADVERTISEMENT

Related Posts

APT-C-60 (APT) – Threat Actor

APT-C-60 (APT) – Threat Actor

February 16, 2025
COLDRIVER (APT) – Threat Actor

COLDRIVER (APT) – Threat Actor

February 13, 2025
UTG-Q-010 (APT) – Threat Actor

UTG-Q-010 (APT) – Threat Actor

February 12, 2025
Actor240524 (APT) – Threat Actor

Actor240524 (APT) – Threat Actor

February 10, 2025
T-APT-04 (SideWinder) – Threat Actor

T-APT-04 (SideWinder) – Threat Actor

January 30, 2025
Evasive Panda (APT) – Threat Actor

Evasive Panda (APT) – Threat Actor

January 30, 2025

Latest Alerts

PyPI Malware Steals AWS, CI/CD, macOS Data

IBM Backup Service Flaw Allows Elevated Access

Image Hiding in DNS TXT Records

Old Discord Links Now Lead To Malware

VexTrio TDS Uses Adtech To Spread Malware

Simple Typo Breaks AI Safety Via TokenBreak

Subscribe to our newsletter

    Latest Incidents

    Canada WestJet Airline Contains Cyberattack

    Hackers Leak 10K VirtualMacOSX Customer Data

    Washington Post Investigates Cyberattack on Emails

    Cyberattack On Brussels Parliament Continues

    Swedish Broadcaster SVT Hit By DDoS

    Major Google Cloud Outage Disrupts Web

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial