Helix Kitten
بچه گربه هلیکس | |
| Formation | c. 2004–2007[1] |
|---|---|
| Type | APT33 |
Formerly called | APT34 |
Helix Kitten (also known as APT34 by
FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm,[1] or EUROPIUM)[2] is a hacker group identified by CrowdStrike as Iranian.[3][4]
History
The group has reportedly been active since at least 2014.Advanced Persistent Threat 33, according to John Hultquist.[3]
In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.[5][6]
Targets
The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.[3]
Techniques
APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.[3]
References
- ^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
- ^ "Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders".
- ^ a b c d e Newman, Lily Hay (December 7, 2017). "APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure". Wired. Archived from the original on December 10, 2017.
- FireEye. Archived from the originalon December 10, 2017.
- ZDNet. Retrieved April 24, 2019.
- ^ "How companies – and the hackers themselves – could respond to the OilRig leak". 18 April 2019.