Threat Actor Profile

APT33

APT 33, ATK35, COBALT TRINITY, Elfin, G0064, HOLMIUM, MAGNALLIUM, Peach Sandstorm, Refined Kitten, TA451
▲ High Threat
Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.
Origin: Iran
Sponsor: Iran (Islamic Republic of)
Motivation: Espionage

Target Sectors

Private sector

Known TTPs

Credentials In Files
Cached Domain Credentials
Archive via Utility
Credentials from Web Browsers
Group Policy Preferences
Encrypted/Encoded File
Spearphishing Attachment
LSASS Memory
Spearphishing Link
Password Spraying
LSA Secrets
Scheduled Task
Credentials from Password Stores
Windows Management Instrumentation Event Subscription
Ingress Tool Transfer
Exfiltration Over Unencrypted Non-C2 Protocol
Tool
Network Sniffing
Web Protocols
PowerShell
Registry Run Keys / Startup Folder
Valid Accounts
Symmetric Cryptography
Visual Basic
Standard Encoding
Non-Standard Port
Cloud Accounts
Exploitation for Client Execution
Malicious File
Malicious Link
Exploitation for Privilege Escalation

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…
