Group: APT33, Elfin, MAGNALLIUM

From attackics
Revision as of 14:03, 11 April 2021 by Oalexander (talk | contribs)
APT33, Elfin, MAGNALLIUM
Group
ID: G0003
Associated Groups: APT33, Elfin, MAGNALLIUM
External Contributors: Dragos Threat Intelligence

APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors. [1]

Associated Group Descriptions

  • APT33 - FireEye noted a potential link between APT33 and Shamoon based on similar dropper malware, "DROPSHOT". [2]
  • Elfin - Symantec mentioned a potential link between Elfin and Shamoon based on the close timing of the two groups' attacks within a particular organization. [3]
  • MAGNALLIUM - [4]

Techniques Used

  • Scripting - APT33 utilized PowerShell scripts to establish command and control and to install files for execution. [3][4]
  • Spearphishing Attachment - APT33 sent spearphishing emails containing links to HTML application files that were embedded with malicious code. [2] APT33 has conducted targeted spearphishing campaigns against U.S. government agencies and private sector companies. [6]