Helix Kitten

Helix Kitten
بچه گربه هلیکس
Formation	c. 2004–2007
Type	Advanced persistent threat
Purpose	Cyberespionage, cyberwarfare
Methods	Zero-days, spearphishing, malware
Official language	Persian
Affiliations	APT33
Formerly called	APT34

Helix Kitten (also known as APT34 by FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm,^[1] or EUROPIUM)^[2] is a hacker group identified by CrowdStrike as Iranian.^[3]^[4]

History

The group has reportedly been active since at least 2014.^[3] It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist.^[3]

In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.^[5]^[6]

Targets

The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.^[3]

Techniques

APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.^[3]

References

^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
^ "Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders".
^ ^a ^b ^c ^d ^e Newman, Lily Hay (December 7, 2017). "APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure". Wired. Archived from the original on December 10, 2017.
^ Sardiwal, Manish; Londhe, Yogesh; Fraser, Nalani; Fraser, Nicholas; O'Leary, Jaqueline; Cannon, Vincent (December 7, 2017). "New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit". FireEye. Archived from the original on December 10, 2017.
^ Catalin Cimpanu (April 17, 2019). "Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month". ZDNet. Retrieved April 24, 2019.
^ "How companies – and the hackers themselves – could respond to the OilRig leak". 18 April 2019.

Zdroj:https://en.wikipedia.org?pojem=Helix_Kitten
Text je dostupný za podmienok Creative Commons Attribution/Share-Alike License 3.0 Unported; prípadne za ďalších podmienok. Podrobnejšie informácie nájdete na stránke Podmienky použitia.

[ms-threat-actors-24-1] "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.

[2] "Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders".

[Wired-3] Newman, Lily Hay (December 7, 2017). "APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure". Wired. Archived from the original on December 10, 2017.

[FireEye-4] Sardiwal, Manish; Londhe, Yogesh; Fraser, Nalani; Fraser, Nicholas; O'Leary, Jaqueline; Cannon, Vincent (December 7, 2017). "New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit". FireEye. Archived from the original on December 10, 2017.

[5] Catalin Cimpanu (April 17, 2019). "Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month". ZDNet. Retrieved April 24, 2019.

[6] "How companies – and the hackers themselves – could respond to the OilRig leak". 18 April 2019.

[1]

[2]

[3]

[4]

[5]

[6]