Helix Kitten: Difference between revisions
Content deleted Content added
GreenC bot (talk | contribs) Move 1 url. Wayback Medic 2.5 per WP:URLREQ#zdnet.com |
|||
| (18 intermediate revisions by 10 users not shown) | |||
| Line 1: | Line 1: | ||
{{Short description|Iranian hacker group}} |
|||
{{Infobox Organization |
{{Infobox Organization |
||
| name = Helix Kitten |
| name = Helix Kitten |
||
| Line 11: | Line 12: | ||
| motto = |
| motto = |
||
| headquarters = |
| headquarters = |
||
| region = |
| region = |
||
| methods = [[Zero-day (computing)|Zero-day]]s, [[spearphishing]], [[malware]] |
| methods = [[Zero-day (computing)|Zero-day]]s, [[spearphishing]], [[malware]] |
||
| membership = |
| membership = |
||
| Line 17: | Line 18: | ||
| language = [[Persian language|Persian]] |
| language = [[Persian language|Persian]] |
||
| parent_organization = |
| parent_organization = |
||
| affiliations = |
| affiliations = [[APT33]] |
||
| formerly = APT34 |
| formerly = APT34 |
||
| website = |
| website = |
||
| Line 23: | Line 24: | ||
}} |
}} |
||
'''Helix''' (also known as APT34 by [[FireEye]], OILRIG) is a hacker group identified by [[CrowdStrike]] as Iranian.<ref name="Wired">{{cite magazine |magazine=[[Wired (magazine)|Wired]] |title=APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure |url=https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/ |archive-url=https://web.archive.org/web/20171210144943/https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/ |archive-date=December 10, 2017 |first=Lily Hay |last=Newman |date=December 7, 2017}}</ref><ref name="FireEye">{{cite news |url=https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html |publisher=[[FireEye]] |title=New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit |date=December 7, 2017 |archive-date=December 10, 2017 |archive-url=https://web.archive.org/web/20171210145601/https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html | |
'''Helix Kitten''' (also known as '''APT34''' by [[FireEye]], '''OILRIG''', '''Crambus''', '''Cobalt Gypsy''', '''Hazel Sandstorm''',<ref name="ms-threat-actors-24">{{cite web |title=How Microsoft names threat actors |url=https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming |publisher=Microsoft |access-date=21 January 2024}}</ref> or '''EUROPIUM''')<ref>{{cite web | url=https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html?m=1 | title=Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders }}</ref> is a hacker group identified by [[CrowdStrike]] as Iranian.<ref name="Wired">{{cite magazine |magazine=[[Wired (magazine)|Wired]] |title=APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure |url=https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/ |archive-url=https://web.archive.org/web/20171210144943/https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/ |archive-date=December 10, 2017 |first=Lily Hay |last=Newman |date=December 7, 2017}}</ref><ref name="FireEye">{{cite news |url=https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html |publisher=[[FireEye]] |title=New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit |date=December 7, 2017 |archive-date=December 10, 2017 |archive-url=https://web.archive.org/web/20171210145601/https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html |first1=Manish |last1=Sardiwal |first2=Yogesh |last2=Londhe |first3=Nalani |last3=Fraser |first4=Nicholas |last4=Fraser |first5=Jaqueline |last5=O'Leary |first6=Vincent |last6=Cannon}}</ref> |
||
==History== |
==History== |
||
The group has reportedly been active since at least 2014.<ref name="Wired"/> It has targeted many of the same organizations as [[Advanced Persistent Threat 33]], according to John Hultquist.<ref name="Wired"/> |
The group has reportedly been active since at least 2014.<ref name="Wired"/> It has targeted many of the same organizations as [[Advanced Persistent Threat 33]], according to John Hultquist.<ref name="Wired"/> |
||
In April 2019, APT34's cyber-espionage tools' source code was leaked through [[Telegram (software)|Telegram]].<ref>{{cite web|url=https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram |title=Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month. |author=Catalin Cimpanu |date=April 17, 2019 |website= |publisher= |access-date=April 24, 2019}}</ref><ref>https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/</ref> |
In April 2019, APT34's cyber-espionage tools' source code was leaked through [[Telegram (software)|Telegram]].<ref>{{cite web|url=https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/ |title=Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month. |author=Catalin Cimpanu |date=April 17, 2019 |website= [[ZDNet]]|publisher= |access-date=April 24, 2019}}</ref><ref>{{cite web | url=https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/ | title=How companies – and the hackers themselves – could respond to the OilRig leak | date=18 April 2019 }}</ref> |
||
==Targets== |
==Targets== |
||
| Line 41: | Line 42: | ||
{{Hacking in the 2010s}} |
{{Hacking in the 2010s}} |
||
[[Category:Cyberwarfare]] |
|||
[[Category: |
[[Category:Iranian advanced persistent threat groups]] |
||
[[Category:Hacking (computer security)]] |
|||
Latest revision as of 15:58, 5 July 2024
بچه گربه هلیکس | |
| Formation | c. 2004–2007[1] |
|---|---|
| Type | Advanced persistent threat |
| Purpose | Cyberespionage, cyberwarfare |
| Methods | Zero-days, spearphishing, malware |
Official language | Persian |
| Affiliations | APT33 |
Formerly called | APT34 |
Helix Kitten (also known as APT34 by FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm,[1] or EUROPIUM)[2] is a hacker group identified by CrowdStrike as Iranian.[3][4]
History
[edit]The group has reportedly been active since at least 2014.[3] It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist.[3]
In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.[5][6]
Targets
[edit]The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.[3]
Techniques
[edit]APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.[3]
References
[edit]- ^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
- ^ "Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders".
- ^ a b c d e Newman, Lily Hay (December 7, 2017). "APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure". Wired. Archived from the original on December 10, 2017.
- ^ Sardiwal, Manish; Londhe, Yogesh; Fraser, Nalani; Fraser, Nicholas; O'Leary, Jaqueline; Cannon, Vincent (December 7, 2017). "New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit". FireEye. Archived from the original on December 10, 2017.
- ^ Catalin Cimpanu (April 17, 2019). "Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month". ZDNet. Retrieved April 24, 2019.
- ^ "How companies – and the hackers themselves – could respond to the OilRig leak". 18 April 2019.