ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

APT group: [Unnamed groups: Iran]

Names: [Unnamed groups: Iran]
Country: Iran
Sponsor: State-sponsored
Motivation: Information theft and espionage
First seen: 2019
Description: These are reported APT activities attributed to a country, but not to an individual threat group.
Observed:
Sectors: Aviation, Government, Industrial, IT, Telecommunications.
Countries: Afghanistan, Australia, Azerbaijan, Bahrain, Colombia, Dubai, Egypt, Ethiopia, Fiji, Hong Kong, India, Indonesia, Iraq, Israel, Kenya, Kuwait, Kyrgyzstan, Lebanon, Malaysia, Mauritius, Morocco, New Zealand, Oman, Pakistan, Philippines, Qatar, South Africa, Sri Lanka, Syria, Thailand, Turkey, UAE, USA.
Tools used:

Operations performed:
Nov 2023: Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group
<https://therecord.media/water-authority-pennsylvania-cyberattack-pro-iran-group>
Nov 2023: North Texas water utility serving 2 million hit with cyberattack
<https://therecord.media/north-texas-water-utility-cyberattack>
Dec 2023: Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
<https://therecord.media/florida-water-agency-ransomware-cisa-warning-utilities>

Counter operations:
May 2019: On Friday May 5th, dozens of confidential documents labeled as “secret” were leaked on Telegram.
<https://www.clearskysec.com/wp-content/uploads/2019/05/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf>
Feb 2024: Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure
<https://home.treasury.gov/news/press-releases/jy2072>

Information:
<https://us-cert.cisa.gov/ncas/alerts/aa20-259a>
<https://us-cert.cisa.gov/ncas/alerts/aa20-296a>
<https://us-cert.cisa.gov/ncas/alerts/aa20-296b>
<https://us-cert.cisa.gov/ncas/alerts/aa20-304a>
<https://us-cert.cisa.gov/ncas/alerts/aa21-321a>
<https://www.cisa.gov/ncas/alerts/aa22-264a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-320a>
<https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-320a>
<https://go.recordedfuture.com/hubfs/reports/cta-2018-0509.pdf>
<https://www.waterisac.org/portal/tlpclear-water-utility-control-system-cyber-incident-advisory-icsscada-incident-municipal>

Last change to this card: 12 March 2024

Digital Service Security Center