Mitre
Alias
Op Cleaver, Alibaba, G0003, Cleaver, Tarh Andishan, TG-2889, Operation Cleaver, Cutting Kitten, Cobalt Gypsy
Country
Iran
Sponsor
Iran (Islamic Republic of). State-sponsored, Security Company ITSecTeam
Motivation
Nil
First Seen
2012
Description
A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia. Cleaver is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). This group evolved into 'Magic Hound, APT 35, Cobalt Illusion, Charming Kitten'.
Targeted
Industries
Government, Utilities, Aerospace, Defense, Transportation, Energy, Chemical, Oil and Gas, Financial, Education, Telecommunications, Healthcare, Aviation, Technology, Private Sector
Targeted
Countries
Canada, Saudi Arabia, Turkey, France, Pakistan, United Kingdom, China, Germany, Israel, Netherlands, UAE, United States, Qatar, India, Mexico, Kuwait, South Korea
Tools
Kagent
Pvz-in
Tinyzbot
Wndtest
Disttrack
Logger
Zhmimikatz
Leash
Csext
Syskit
Mpkbot
Pupyrat
Pvz-out
Jasus
Zhcat
Synflooder
Net
TTP
T1003
T1587
T1588
T1557
T1588.002
T1585
T1587.001
T1003.001
T1585.001
T1557.002
Operations
Performed
Nil
Counter
Operations
Nil
Information
nil