Jump to content

Helix Kitten: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Importing Wikidata short description: "Iranian hacker group" (Shortdesc helper)
Tag: Reverted
GreenC bot (talk | contribs)
 
(13 intermediate revisions by 7 users not shown)
Line 18: Line 18:
| language = [[Persian language|Persian]]
| language = [[Persian language|Persian]]
| parent_organization =
| parent_organization =
| affiliations =
| affiliations = [[APT33]]
| formerly = APT34
| formerly = APT34
| website =
| website =
Line 24: Line 24:
}}
}}


'''Helix''' (also known as APT34 by [[FireEye]], OILRIG) is a hacker group identified by [[CrowdStrike]] as Iranian.<ref name="Wired">{{cite magazine |magazine=[[Wired (magazine)|Wired]] |title=APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure |url=https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/ |archive-url=https://web.archive.org/web/20171210144943/https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/ |archive-date=December 10, 2017 |first=Lily Hay |last=Newman |date=December 7, 2017}}</ref><ref name="FireEye">{{cite news |url=https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html |publisher=[[FireEye]] |title=New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit |date=December 7, 2017 |archive-date=December 10, 2017 |archive-url=https://web.archive.org/web/20171210145601/https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html |first=Manish |last=Sardiwal |first2=Yogesh |last2=Londhe |first3=Nalani |last3=Fraser |first4=Nicholas |last4=Fraser |first5=Jaqueline |last5=O'Leary |first6=Vincent |last6=Cannon}}</ref>
'''Helix Kitten''' (also known as '''APT34''' by [[FireEye]], '''OILRIG''', '''Crambus''', '''Cobalt Gypsy''', '''Hazel Sandstorm''',<ref name="ms-threat-actors-24">{{cite web |title=How Microsoft names threat actors |url=https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming |publisher=Microsoft |access-date=21 January 2024}}</ref> or '''EUROPIUM''')<ref>{{cite web | url=https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html?m=1 | title=Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders }}</ref> is a hacker group identified by [[CrowdStrike]] as Iranian.<ref name="Wired">{{cite magazine |magazine=[[Wired (magazine)|Wired]] |title=APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure |url=https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/ |archive-url=https://web.archive.org/web/20171210144943/https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/ |archive-date=December 10, 2017 |first=Lily Hay |last=Newman |date=December 7, 2017}}</ref><ref name="FireEye">{{cite news |url=https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html |publisher=[[FireEye]] |title=New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit |date=December 7, 2017 |archive-date=December 10, 2017 |archive-url=https://web.archive.org/web/20171210145601/https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html |first1=Manish |last1=Sardiwal |first2=Yogesh |last2=Londhe |first3=Nalani |last3=Fraser |first4=Nicholas |last4=Fraser |first5=Jaqueline |last5=O'Leary |first6=Vincent |last6=Cannon}}</ref>


==History==
==History==
The group has reportedly been active since at least 2014.<ref name="Wired"/> It has targeted many of the same organizations as [[Advanced Persistent Threat 33]], according to John Hultquist.<ref name="Wired"/>
The group has reportedly been active since at least 2014.<ref name="Wired"/> It has targeted many of the same organizations as [[Advanced Persistent Threat 33]], according to John Hultquist.<ref name="Wired"/>


In April 2019, APT34's cyber-espionage tools' source code was leaked through [[Telegram (software)|Telegram]].<ref>{{cite web|url=https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram |title=Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month. |author=Catalin Cimpanu |date=April 17, 2019 |website= |publisher= |access-date=April 24, 2019}}</ref><ref>https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/</ref>
In April 2019, APT34's cyber-espionage tools' source code was leaked through [[Telegram (software)|Telegram]].<ref>{{cite web|url=https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/ |title=Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month. |author=Catalin Cimpanu |date=April 17, 2019 |website= [[ZDNet]]|publisher= |access-date=April 24, 2019}}</ref><ref>{{cite web | url=https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/ | title=How companies – and the hackers themselves – could respond to the OilRig leak | date=18 April 2019 }}</ref>


==Targets==
==Targets==

Latest revision as of 15:58, 5 July 2024

Helix Kitten
بچه گربه هلیکس
Formationc. 2004–2007[1]
TypeAdvanced persistent threat
PurposeCyberespionage, cyberwarfare
MethodsZero-days, spearphishing, malware
Official language
Persian
AffiliationsAPT33
Formerly called
APT34

Helix Kitten (also known as APT34 by FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm,[1] or EUROPIUM)[2] is a hacker group identified by CrowdStrike as Iranian.[3][4]

History

[edit]

The group has reportedly been active since at least 2014.[3] It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist.[3]

In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.[5][6]

Targets

[edit]

The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.[3]

Techniques

[edit]

APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.[3]

References

[edit]
  1. ^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
  2. ^ "Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders".
  3. ^ a b c d e Newman, Lily Hay (December 7, 2017). "APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure". Wired. Archived from the original on December 10, 2017.
  4. ^ Sardiwal, Manish; Londhe, Yogesh; Fraser, Nalani; Fraser, Nicholas; O'Leary, Jaqueline; Cannon, Vincent (December 7, 2017). "New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit". FireEye. Archived from the original on December 10, 2017.
  5. ^ Catalin Cimpanu (April 17, 2019). "Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month". ZDNet. Retrieved April 24, 2019.
  6. ^ "How companies – and the hackers themselves – could respond to the OilRig leak". 18 April 2019.