Other APT
Iranian APT Groups
APT33 (Elfin)
Affiliation: Iranian state-sponsored
Activities: Known for targeting aerospace, energy, and defense sectors, primarily in the Middle East and the United States.
Targets: Aerospace, energy, defense sectors.
TTPs:
Use of custom malware (ATT&CK: Malware)
Credential theft (ATT&CK: Credential Dumping)
Data exfiltration (ATT&CK: Exfiltration Over C2 Channel)
Notable Incidents:
Shamoon Wiper Attacks (2012, 2016-2017): The Shamoon wiper destroyed data on tens of thousands of workstations at Saudi Aramco in 2012 and returned against Saudi organizations in late 2016 and 2017. Shamoon is attributed to Iranian actors; APT33's involvement rests on tooling overlaps reported by FireEye and is assessed as possible rather than confirmed.
Aerospace Sector Attacks (2017): Spear-phished aerospace companies in the United States and Saudi Arabia with recruitment-themed lures, stealing information related to aviation technology (reported by FireEye in September 2017).
Energy Sector Attacks (2019): Conducted cyber espionage against energy companies in the Middle East, including password spraying against industrial equipment suppliers, focusing on intellectual property and trade secrets.
Vietnamese APT Groups
APT32 (OceanLotus)
Affiliation: Vietnamese state-sponsored
Activities: Known for targeting foreign governments, dissidents, and journalists, as well as private sector companies in various industries.
Targets: Government, dissidents, journalists, private sector companies.
TTPs:
Use of custom malware (ATT&CK: Malware)
Credential theft (ATT&CK: Credential Dumping)
Data exfiltration (ATT&CK: Exfiltration Over C2 Channel)
Notable Incidents:
Targeting of Foreign Governments (2014-2017): APT32 conducted cyber espionage against foreign governments, primarily in Southeast Asia, collecting political and economic intelligence.
Attacks on Dissidents and Journalists (2018): Targeted Vietnamese dissidents, bloggers, and journalists with spear-phishing and watering-hole sites to monitor and suppress dissent.
Private Sector Attacks (2019): Conducted cyber espionage against private sector companies with interests in Vietnam, including manufacturing (notably automotive) and hospitality.
Pakistani APT Groups
APT36 (Transparent Tribe)
Affiliation: Assessed to be Pakistan-based, operating in support of Pakistani state interests
Activities: Known for targeting Indian government, military, and diplomatic organizations, with later campaigns extending to Afghanistan; relies on spear-phishing with malicious Office documents that deliver the Crimson RAT.
Targets: Indian government, military, defense and diplomatic organizations; Afghan government entities.
TTPs:
Use of custom malware (ATT&CK: Malware)
Credential theft (ATT&CK: Credential Dumping)
Data exfiltration (ATT&CK: Exfiltration Over C2 Channel)
Notable Incidents:
Operation Transparent Tribe (2016): Proofpoint documented spear-phishing campaigns against Indian military and diplomatic personnel that delivered the Crimson RAT and related malware to steal documents and credentials.
Crimson RAT Campaigns (2019-2020): Kaspersky tracked a year of activity, from mid-2019 to mid-2020, against Indian and Afghan military and diplomatic targets, including a USB-propagating component used to reach isolated networks.
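The two ATT&CK techniques listed under every group above, Credential Dumping and Exfiltration Over C2 Channel, are also the two most detectable points in these intrusions. The following is an added example, not code from the original page or from any of the groups' reporting: it runs two simple hunts over constructed Sysmon ProcessAccess records and constructed outbound flow records. The allowlist, the PROCESS_VM_READ heuristic and the volume and regularity thresholds are assumptions to be tuned per environment.

```python
import statistics
from collections import defaultdict

# ---- Credential dumping: LSASS memory access (Sysmon Event ID 10) ----

PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory

# Processes that legitimately open LSASS; assumed allowlist, tune per estate.
LSASS_BENIGN_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Constructed Sysmon ProcessAccess records (field names follow Sysmon's schema).
PROCESS_ACCESS_EVENTS = [
    {"SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Windows\explorer.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1fffff"},
    {"SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1400"},
]


def detect_lsass_access(events):
    """Return ProcessAccess events in which a non-allowlisted process opened
    lsass.exe with a mask that includes PROCESS_VM_READ (0x1010, 0x1438 and
    PROCESS_ALL_ACCESS all set that bit; 0x1400 does not)."""
    hits = []
    for ev in events:
        if not ev.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
            continue
        if ev.get("SourceImage", "").lower() in LSASS_BENIGN_SOURCES:
            continue
        if int(ev.get("GrantedAccess", "0x0"), 16) & PROCESS_VM_READ:
            hits.append(ev)
    return hits


# ---- Exfiltration over C2 channel: regular outbound connections carrying data ----

# Constructed outbound flow records: ts in seconds, bytes_out = bytes sent by host.
FLOWS = [
    # beacon every ~60 s to one external host, each connection carrying ~1.2 MB
    *[{"ts": t, "src": "10.0.0.15", "dst": "203.0.113.7", "bytes_out": 1_200_000}
      for t in (0, 61, 119, 180, 241, 299)],
    # ordinary browsing: irregular timing, little data sent
    *[{"ts": t, "src": "10.0.0.15", "dst": "198.51.100.20", "bytes_out": 4_000}
      for t in (5, 40, 300, 310, 900, 1000)],
    # one large upload; a single connection is not a beacon pattern
    {"ts": 500, "src": "10.0.0.22", "dst": "198.51.100.40", "bytes_out": 9_000_000},
]


def detect_c2_exfil(flows, min_bytes=5_000_000, min_conns=5, max_interval_cv=0.2):
    """Group flows by destination and flag those that receive a large total
    outbound volume across many connections at regular intervals. Regularity is
    the coefficient of variation of the gaps between connections; the thresholds
    are assumed starting points, not calibrated values."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f["dst"]].append(f)
    findings = {}
    for dst, fl in by_dst.items():
        if len(fl) < max(min_conns, 2):  # need at least one gap to measure
            continue
        fl.sort(key=lambda f: f["ts"])
        total = sum(f["bytes_out"] for f in fl)
        gaps = [b["ts"] - a["ts"] for a, b in zip(fl, fl[1:])]
        mean_gap = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else float("inf")
        if total >= min_bytes and cv <= max_interval_cv:
            findings[dst] = {"bytes_out": total, "connections": len(fl),
                             "interval_cv": round(cv, 3)}
    return findings


if __name__ == "__main__":
    for ev in detect_lsass_access(PROCESS_ACCESS_EVENTS):
        print("LSASS access:", ev["SourceImage"], ev["GrantedAccess"])
    for dst, info in detect_c2_exfil(FLOWS).items():
        print("possible exfil over C2:", dst, info)
```

On the constructed data only the unsigned binary in a user's Temp folder is flagged for LSASS access, and only the host beaconing to 203.0.113.7 is flagged for exfiltration; the single large upload and the irregular browsing traffic pass. In production, feed the first function from Sysmon Event ID 10 and the second from NetFlow or proxy logs, and expect to extend the allowlist with EDR and backup agents.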