Threat Actor Profile

Cleaver

Aliases: Alibaba, Cobalt Gypsy, G0003, Op Cleaver, Operation Cleaver, Tarh Andishan, TG-2889, Threat Group 2889
▲ High Threat
A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia.
Origin: Iran
Sponsor: Iran (Islamic Republic of)
Motivation: Espionage

Target Sectors

Private sector; Government; Defense; Energy; Technology; Government, Administration; Academia - University

Known TTPs

LSASS Memory
ARP Cache Poisoning
Tool
Malware
Social Media Accounts

Related Intelligence

