Nation-State Actor
APT33 (Elfin)
Iran • Active since 2013
APT33 is an Iranian threat group that targets aircraft manufacturers and oil companies, especially in Saudi Arabia and the United States. It has used destructive wiper malware that erases compromised systems, causing extensive damage to its victims.
Overview
APT33 is an Iranian state-sponsored threat group that targets the aerospace and energy sectors, particularly in Saudi Arabia and the United States. The group is linked to destructive wiper attacks and has connections to the Shamoon malware.
Also Known As
Elfin, Magnallium, Refined Kitten, Holmium
Target Industries
Aerospace, Energy, Petrochemical, Aviation, Defense
Target Regions
Saudi Arabia, United States, South Korea, Middle East
Tactics, Techniques & Procedures
- Spear-phishing with job lures
- Password spraying
- Destructive wiper deployment
- Domain masquerading
- Living off the land
Known Tools & Malware
SHAMOON, TURNEDUP, NANOCORE, POWERTON, STONEDRILL
Notable Campaigns
Shamoon 2.0 Attacks (2016-2017)
Deployed destructive wiper malware against Saudi Arabian organizations.
Aviation Sector Targeting (2017)
Targeted US and Saudi aviation companies for aerospace secrets.
MITRE ATT&CK Techniques
T1566.001, T1110.003, T1485, T1036, T1059
Defense Recommendations
1. Implement wiper malware detection
2. Deploy password spray detection
3. Maintain offline backups for critical systems