Common Information
Type | Value |
---|---|
Value | APT34 - G0057 |
Category | Actor |
Type | Mitre-Intrusion-Set |
Misp Type | Cluster |
Description | APT34 is an Iranian cyber espionage group that has been active since at least 2014. The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. FireEye assesses that the group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests. APT34 loosely aligns with public reporting related to OilRig, but may not wholly align due to companies tracking threat groups in different ways. (Citation: FireEye APT34 Dec 2017) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2022-08-11 | 12 | Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study | ||
Details | Website | 2022-06-24 | 69 | APT34 - Saitama Agent | ||
Details | Website | 2022-06-21 | 26 | Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 2) — Elastic Security Labs | ||
Details | Website | 2022-06-13 | 4 | Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks | ||
Details | Website | 2022-06-13 | 17 | InfoSec Handlers Diary Blog - SANS Internet Storm Center | ||
Details | Website | 2022-05-10 | 41 | APT34 targets Jordan Government using new Saitama backdoor | ||
Details | Website | 2022-02-09 | 1 | Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign | ||
Details | Website | 2021-07-02 | 52 | Geopolitical nation-state threat actor overview June 2021 | ||
Details | Website | 2021-04-22 | 86 | Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities | ||
Details | Website | 2021-04-20 | 1764 | Raw Threat Intelligence | ||
Details | Website | 2021-04-08 | 14 | Iran’s APT34 Returns with an Updated Arsenal - Check Point Research | ||
Details | Website | 2021-02-09 | 70 | 启明星辰ADLab | In-Depth Analysis Report on the APT34 Group's Latest Attack Activity | ||
Details | Website | 2021-01-14 | 4 | The Devil’s in the Details: SUNBURST Attribution - DomainTools | Start Here. Know Now. | ||
Details | Website | 2021-01-13 | 1 | 2021 Threat Predictions Report | McAfee Blog | ||
Details | Website | 2020-08-31 | 7 | Iranian hackers are selling access to compromised companies on an underground forum | ||
Details | Website | 2020-08-09 | 7 | FBI says an Iranian hacking group is attacking F5 networking devices | ||
Details | Website | 2020-07-13 | 6 | SCANdalous! (External Detection Using Network Scan Data and Automation) | Mandiant | ||
Details | Website | 2020-05-28 | 25 | Naikon Archives | ||
Details | Website | 2020-03-12 | 6 | Swallowing the Snake’s Tail: Tracking Turla Infrastructure | ||
Details | Website | 2020-03-02 | 11 | Karkoff 2020: a new APT34 espionage operation involves Lebanon Government - Yoroi | ||
Details | Website | 2020-02-18 | 9 | Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide | ||
Details | Website | 2020-02-16 | 9 | Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world | ||
Details | Website | 2020-01-30 | 12 | Iranian Campaign Tailored to US Companies Uses Updated Toolset - Intezer | ||
Details | Website | 2020-01-08 | 3 | New Iranian data wiper malware hits Bapco, Bahrain's national oil company | ||
Details | Website | 2019-12-04 | 12 | APT review: what the world’s threat actors got up to in 2019 |