Helix Kitten

Iranian hacker group From Wikipedia, the free encyclopedia

Helix Kitten (also known as APT34 by FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm,[1] or EUROPIUM)[2] is a hacker group identified by CrowdStrike as Iranian.[3][4]

Formationc. 2004–2007
TypeAdvanced persistent threat
PurposeCyberespionage, cyberwarfare
MethodsZero-days, spearphishing, malware
Quick facts Formation, Type ...
Helix Kitten
بچه گربه هلیکس
Formationc. 2004–2007
TypeAdvanced persistent threat
PurposeCyberespionage, cyberwarfare
MethodsZero-days, spearphishing, malware
Official language
Persian
AffiliationsAPT33
Formerly called
APT34
Close

History

The group has reportedly been active since at least 2014.[3] It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist.[3]

In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.[5][6]

Targets

The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.[3]

Techniques

APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.[3]

References

Related Articles

Wikiwand AI