AlibabaCobalt GypsyG0003Op CleaverOperation CleaverTarh AndishanTG-2889Threat Group 2889
▲ High Threat
A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia.
OriginIran
SponsorIran (Islamic Republic of)
MotivationEspionage
Target Sectors
Private sectorGovernmentDefenseEnergyTechnologyGovernment, AdministrationAcademia - University