Helix Kitten: Difference between revisions
Content deleted Content added
Importing Wikidata short description: "Iranian hacker group" (Shortdesc helper) Tag: Reverted |
citation Tag: Reverted |
||
| Line 29: | Line 29: | ||
The group has reportedly been active since at least 2014.<ref name="Wired"/> It has targeted many of the same organizations as [[Advanced Persistent Threat 33]], according to John Hultquist.<ref name="Wired"/> |
The group has reportedly been active since at least 2014.<ref name="Wired"/> It has targeted many of the same organizations as [[Advanced Persistent Threat 33]], according to John Hultquist.<ref name="Wired"/> |
||
In April 2019, APT34's cyber-espionage tools' source code was leaked through [[Telegram (software)|Telegram]].<ref>{{cite web|url=https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram |title=Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month. |author=Catalin Cimpanu |date=April 17, 2019 |website= |publisher= |access-date=April 24, 2019}}</ref><ref>https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/</ref> |
In April 2019, APT34's cyber-espionage tools' source code was leaked through [[Telegram (software)|Telegram]].<ref>{{cite web|url=https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram |title=Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month. |author=Catalin Cimpanu |date=April 17, 2019 |website= |publisher= |access-date=April 24, 2019}}</ref><ref>{{cite web |title=How companies – and the hackers themselves – could respond to the OilRig leak |url=https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/ |website=CyberScoop |access-date=10 October 2021 |language=en |date=18 April 2019}}</ref> |
||
==Targets== |
==Targets== |
||
Revision as of 17:31, 10 October 2021
بچه گربه هلیکس | |
| Formation | c. 2004–2007[1] |
|---|---|
| Type | Advanced persistent threat |
| Purpose | Cyberespionage, cyberwarfare |
| Methods | Zero-days, spearphishing, malware |
Official language | Persian |
Formerly called | APT34 |
Helix (also known as APT34 by FireEye, OILRIG) is a hacker group identified by CrowdStrike as Iranian.[1][2]
History
The group has reportedly been active since at least 2014.[1] It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist.[1]
In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.[3][4]
Targets
The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.[1]
Techniques
APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.[1]
References
- ^ a b c d e Newman, Lily Hay (December 7, 2017). "APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure". Wired. Archived from the original on December 10, 2017.
- ^ Sardiwal, Manish; Londhe, Yogesh; Fraser, Nalani; Fraser, Nicholas; O'Leary, Jaqueline; Cannon, Vincent (December 7, 2017). "New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit". FireEye. Archived from the original on December 10, 2017.
- ^ Catalin Cimpanu (April 17, 2019). "Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month". Retrieved April 24, 2019.
- ^ "How companies – and the hackers themselves – could respond to the OilRig leak". CyberScoop. 18 April 2019. Retrieved 10 October 2021.