Movatterモバイル変換

Helix Kitten

From Wikipedia, the free encyclopedia

Iranian hacker group

Helix Kitten
بچه گربه هلیکس
Formation	c. 2004–2007 [1]
Type	Advanced persistent threat
Purpose	Cyberespionage,cyberwarfare
Methods	Zero-days,spearphishing,malware
Official language	Persian
Affiliations	APT33
Formerly called	APT34

Helix Kitten (also known asAPT34 byFireEye,OILRIG,Crambus,Cobalt Gypsy,Hazel Sandstorm,^[1] orEUROPIUM)^[2] is a hacker group identified byCrowdStrike as Iranian.^[3]^[4]

History

[edit]

The group has reportedly been active since at least 2014.^[3] It has targeted many of the same organizations asAdvanced Persistent Threat 33, according to John Hultquist.^[3]

In April 2019, APT34's cyber-espionage tools' source code was leaked throughTelegram.^[5]^[6]

Targets

[edit]

The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well ascritical infrastructure systems.^[3]

Techniques

[edit]

APT34 reportedly usesMicrosoft Excel macros,PowerShell-based exploits andsocial engineering to gain access to its targets.^[3]

References

[edit]

^"How Microsoft names threat actors". Microsoft. Retrieved21 January 2024.
^"Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders".
^^a ^b ^c ^d ^eNewman, Lily Hay (December 7, 2017)."APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure".Wired. Archived fromthe original on December 10, 2017.
^Sardiwal, Manish; Londhe, Yogesh; Fraser, Nalani; Fraser, Nicholas; O'Leary, Jaqueline; Cannon, Vincent (December 7, 2017)."New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit".FireEye. Archived fromthe original on December 10, 2017.
^Catalin Cimpanu (April 17, 2019)."Source code of Iranian cyber-espionage tools leaked on Telegram; APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month".ZDNet. RetrievedApril 24, 2019.
^"How companies – and the hackers themselves – could respond to the OilRig leak". 18 April 2019.

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach HackingTeam Ashley Madison data breach TalkTalk data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack British Airways data breach SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Groups

Individuals

Majorvulnerabilities
publiclydisclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt Project Sauron
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya Philadelphia X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	Annabelle VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=Helix_Kitten&oldid=1232786649"

Category:

Iranian advanced persistent threat groups

Hidden categories:

[8]ページ先頭