ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > [Unnamed group Iran]

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: [Unnamed group Iran]

Names[Unnamed group Iran] (?)
CountryIran Iran
SponsorState-sponsored
MotivationInformation theft and espionage
First seen2019
Description(ClearSky) Over the last few weeks, several significant leaks regarding a number of Iranian APTs took place. After analyzing and investigating the documents we conclude that they are authentic. Consequently, this causes considerable harm to the groups and their operation. The identity of the actor behind the leak is currently unknown, however based on the scope and the quality of the exposed documents and information, it appears that they are professional and highly capable. This leak will likely hamstring the groups’ operation in the near future. Accordingly, in our assessment this will minimize the risk of potential attacks in the next few months and possibly even year. Note –most of the leaks are posted on Telegram channels that were created specifically for this purpose.

Unlike the previous two channels this has been around for a long time. On Friday May 5th, dozens of confidential documents labeled as “secret” (a high confidentiality level in Iran, one before the highest –top secret) were posted on this channel. The documents were related to Iranian attack groups’ activity.

Update: this leak may have been the work of the CIA.
ObservedSectors: Aviation, Government, IT, Telecommunications.
Countries: Afghanistan, Australia, Azerbaijan, Bahrain, Colombia, Dubai, Egypt, Ethiopia, Fiji, Hong Kong, India, Indonesia, Iraq, Israel, Kenya, Kuwait, Kyrgyzstan, Lebanon, Malaysia, Mauritius, Morocco, New Zealand, Oman, Pakistan, Philippines, Qatar, South Africa, Sri Lanka, Syria, Thailand, Turkey, UAE.
Tools used
Counter operationsMay 2019On Friday May 5th, dozens of confidential documents labeled as “secret” were leaked on Telegram.
<https://www.clearskysec.com/wp-content/uploads/2019/05/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf>
Information<https://www.clearskysec.com/wp-content/uploads/2019/05/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf>

Last change to this card: 19 July 2020

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1227
E-mail [email protected]