# Other APT

## Iranian APT Groups

### **APT33 (Elfin)**

* **Affiliation:** Iranian state-sponsored
* **Activities:** Known for targeting aerospace, energy, and defense sectors, primarily in the Middle East and the United States.
* **Targets:** Aerospace, energy, defense sectors.
* **TTPs:**
  * **Spear-phishing:** [Spearphishing Attachment, Spearphishing Link, Spearphishing via Service](https://attack.mitre.org/techniques/T1566/)
  * **Use of custom malware:** [Malware](https://attack.mitre.org/techniques/T1505/)
  * **Credential theft:** [Credential Dumping](https://attack.mitre.org/techniques/T1003/)
  * **Data exfiltration:** [Exfiltration Over C2 Channel](https://attack.mitre.org/techniques/T1041/)
* **Notable Incidents:**
  * **Shamoon Malware Attacks (2012, 2016):** APT33 used the Shamoon malware to target energy companies in the Middle East, causing significant disruption by wiping data from infected systems. [Read more](https://attack.mitre.org/groups/G0064/)
  * **Aerospace Sector Attacks (2017):** Targeted aerospace companies in the United States and Saudi Arabia, stealing sensitive information related to aviation technology. [Read more](https://www.fireeye.com/blog/threat-research/2017/09/apt33-iran-based-group.html)
  * **Energy Sector Attacks (2019):** Conducted cyber espionage against energy companies in the Middle East, focusing on stealing intellectual property and trade secrets. [Read more](https://www.cfr.org/cyber-operations/apt33)

## Vietnamese APT Groups

### **APT32 (OceanLotus)**

* **Affiliation:** Vietnamese state-sponsored
* **Activities:** Known for targeting foreign governments, dissidents, and journalists, as well as private sector companies in various industries.
* **Targets:** Government, dissidents, journalists, private sector companies.
* **TTPs:**
  * **Spear-phishing:** [Spearphishing Attachment, Spearphishing Link, Spearphishing via Service](https://attack.mitre.org/techniques/T1566/)
  * **Use of custom malware:** [Malware](https://attack.mitre.org/techniques/T1505/)
  * **Credential theft:** [Credential Dumping](https://attack.mitre.org/techniques/T1003/)
  * **Data exfiltration:** [Exfiltration Over C2 Channel](https://attack.mitre.org/techniques/T1041/)
* **Notable Incidents:**
  * **Targeting of Foreign Governments (2014-2017):** APT32 conducted cyber espionage against foreign governments, focusing on political and economic intelligence. [Read more](https://www.fireeye.com/blog/threat-research/2017/05/oceanlotus-targets-vietnam.html)
  * **Attacks on Dissidents and Journalists (2018):** Targeted Vietnamese dissidents and journalists, aiming to monitor and suppress dissent. [Read more](https://www.cfr.org/cyber-operations/apt32)
  * **Private Sector Attacks (2019):** Conducted cyber espionage against private sector companies in various industries, including manufacturing and hospitality. [Read more](https://www.recordedfuture.com/oceanlotus-apt32-targeting)

## Indian APT Groups

### **APT36 (Transparent Tribe)**

* **Affiliation:** Indian state-sponsored
* **Activities:** Known for targeting government and military organizations in Pakistan, as well as Indian dissidents and activists.
* **Targets:** Government, military organizations, dissidents, activists.
* **TTPs:**
  * **Spear-phishing:** [Spearphishing Attachment, Spearphishing Link, Spearphishing via Service](https://attack.mitre.org/techniques/T1566/)
  * **Use of custom malware:** [Malware](https://attack.mitre.org/techniques/T1505/)
  * **Credential theft:** [Credential Dumping](https://attack.mitre.org/techniques/T1003/)
  * **Data exfiltration:** [Exfiltration Over C2 Channel](https://attack.mitre.org/techniques/T1041/)
* **Notable Incidents:**
  * **Targeting of Pakistani Government (2016-2018):** APT36 conducted cyber espionage against Pakistani government and military organizations, stealing sensitive information. [Read more](https://www.fireeye.com/blog/threat-research/2018/04/transparent-tribe-cyber-espionage.html)
  * **Attacks on Indian Dissidents (2019):** Targeted Indian dissidents and activists, aiming to monitor and suppress dissent. [Read more](https://www.cfr.org/cyber-operations/apt36)
  * **Military Sector Attacks (2020):** Conducted cyber espionage against military organizations in Pakistan, focusing on stealing defense-related information. [Read more](https://www.recordedfuture.com/transparent-tribe-apt36-targeting)


