APT34
Helix Kitten (also known as APT34 by FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm, or EUROPIUM) is a hacker group identified by CrowdStrike as Iranian.


History

The group has reportedly been active since at least 2014. It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist. In April 2019, the source code of APT34's cyber-espionage tools was leaked through Telegram.


Targets

The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.


Techniques

APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.

