APT group: [Unnamed groups: Iran]
Names | [Unnamed groups: Iran] (?) |
Country | Iran |
Sponsor | State-sponsored |
Motivation | Information theft and espionage |
First seen | 2019 |
Description | These are reported APT activities attributed to a country, but not to an individual threat group. |
Observed | Sectors: Aviation, Government, Industrial, IT, Telecommunications. Countries: Afghanistan, Australia, Azerbaijan, Bahrain, Colombia, Dubai, Egypt, Ethiopia, Fiji, Hong Kong, India, Indonesia, Iraq, Israel, Kenya, Kuwait, Kyrgyzstan, Lebanon, Malaysia, Mauritius, Morocco, New Zealand, Oman, Pakistan, Philippines, Qatar, South Africa, Sri Lanka, Syria, Thailand, Turkey, UAE, USA. |
Tools used | |
Operations performed | Nov 2023 | Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group <https://therecord.media/water-authority-pennsylvania-cyberattack-pro-iran-group> |
Nov 2023 | North Texas water utility serving 2 million hit with cyberattack <https://therecord.media/north-texas-water-utility-cyberattack> |
Dec 2023 | Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks <https://therecord.media/florida-water-agency-ransomware-cisa-warning-utilities> |
Counter operations | May 2019 | On Friday May 5th, dozens of confidential documents labeled as “secret” were leaked on Telegram. <https://www.clearskysec.com/wp-content/uploads/2019/05/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf> |
Feb 2024 | Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure <https://home.treasury.gov/news/press-releases/jy2072> |
Information | <https://us-cert.cisa.gov/ncas/alerts/aa20-259a> <https://us-cert.cisa.gov/ncas/alerts/aa20-296a> <https://us-cert.cisa.gov/ncas/alerts/aa20-296b> <https://us-cert.cisa.gov/ncas/alerts/aa20-304a> <https://us-cert.cisa.gov/ncas/alerts/aa21-321a> <https://www.cisa.gov/ncas/alerts/aa22-264a> <https://www.cisa.gov/uscert/ncas/alerts/aa22-320a> <https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-320a> <https://go.recordedfuture.com/hubfs/reports/cta-2018-0509.pdf> <https://www.waterisac.org/portal/tlpclear-water-utility-control-system-cyber-incident-advisory-icsscada-incident-municipal> |
Last change to this card: 12 March 2024