Entry: Advanced Persistent Threat 33

  1. History
  2. Targets
  3. Modus operandi
  4. Identification
  5. References

Advanced Persistent Threat 33 (APT33) is a hacker group identified by FireEye as being supported by the government of Iran.[1][2]

History

FireEye believes that the group was formed no later than 2013.[1]

Targets

APT33 has reportedly targeted aerospace, defense and petrochemical industry targets in the United States, South Korea, and Saudi Arabia.[1][2]

Modus operandi

APT33 reportedly uses a dropper program designated DropShot, which can deploy a wiper called ShapeShift, or install a backdoor called TurnedUp.[1] The group is reported to use the ALFASHELL tool to send spear-phishing emails loaded with malicious HTML Application files to its targets.[1][2]

APT33 registered domains impersonating many commercial entities, including Boeing, Alsalam Aircraft Company, Northrop Grumman and Vinnell.[2]

Identification

FireEye and Kaspersky Lab noted similarities between ShapeShift and Shamoon, another virus linked to Iran.[1] APT33 also used Farsi in ShapeShift and DropShot, and was most active during Iran Standard Time business hours, remaining inactive on the Iranian weekend.[1][2]
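The working-hours observation above rests on a simple analytic: view each event timestamp in several candidate timezones and see which one places most activity inside a local business week. The script below is an added illustration of that heuristic, not FireEye's tooling; Iran Standard Time is UTC+03:30, while the 08:00-18:00 window, the candidate weekend days and the sample timestamps are constructed assumptions.

```python
# Added example: scoring candidate operator timezones against event
# timestamps, as a defender might do to support (never prove) attribution.
from datetime import datetime, timedelta, timezone

IRST = timezone(timedelta(hours=3, minutes=30))  # Iran Standard Time, UTC+03:30


def workhour_score(utc_events, tz, weekend, start=8, end=18):
    """Fraction of events that fall within [start, end) local hour on a
    non-weekend day when viewed in timezone tz.
    weekend: weekday() numbers, Monday=0 ... Sunday=6.
    The 08:00-18:00 window is an assumption, not a universal rule."""
    if not utc_events:
        return 0.0
    hits = 0
    for ev in utc_events:
        local = ev.astimezone(tz)
        if local.weekday() not in weekend and start <= local.hour < end:
            hits += 1
    return hits / len(utc_events)


def rank_timezones(utc_events, candidates):
    """candidates: {label: (tzinfo, weekend_days)} -> [(label, score)],
    best fit first. A high score is one indicator among many: timestamps
    can be forged and operators can keep unusual hours."""
    scored = [(label, workhour_score(utc_events, tz, wk))
              for label, (tz, wk) in candidates.items()]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample: 15 events on Sat 16 to Wed 20 Sept 2017 at 09:00,
# 13:00 and 16:00 IRST, plus one stray event on Friday 22 Sept at 10:00 IRST.
# Stored in UTC, as a SIEM or sandbox would record them.
SAMPLE_EVENTS = [
    datetime(2017, 9, day, hour, 0, tzinfo=IRST).astimezone(timezone.utc)
    for day in range(16, 21) for hour in (9, 13, 16)
] + [datetime(2017, 9, 22, 10, 0, tzinfo=IRST).astimezone(timezone.utc)]

# Candidate work weeks are assumptions for illustration: Friday off for the
# Iranian candidate, Saturday/Sunday off for the two comparison zones.
CANDIDATES = {
    "UTC+03:30 Iran (Fri off)": (IRST, (4,)),
    "UTC+00:00 (Sat/Sun off)": (timezone.utc, (5, 6)),
    "UTC-04:00 (Sat/Sun off)": (timezone(timedelta(hours=-4)), (5, 6)),
}

if __name__ == "__main__":
    for label, score in rank_timezones(SAMPLE_EVENTS, CANDIDATES):
        print(f"{score:5.2f}  {label}")
```

Real investigations would feed it compile timestamps, C2 beacon times or domain-registration times rather than a hand-built list, and would weigh the result alongside language artifacts like the Farsi strings noted above.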

One hacker known by the pseudonym xman_1365_x was linked to both the TurnedUp tool code and the Iranian Nasr Institute, which has been connected to the Iranian Cyber Army.[1][2][3] xman_1365_x has accounts on Iranian hacker forums, including Shabgard and Ashiyane.[4]

References

1. Greenberg, Andy. "New Group of Iranian Hackers Linked to Destructive Malware". Wired, September 20, 2017. https://www.wired.com/story/iran-hackers-apt33/
2. O'Leary, Jacqueline; Kimble, Josiah; Vanderlee, Kelli; Fraser, Nalani. "Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware". FireEye, September 20, 2017. https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
3. Auchard, Eric; Wagstaff, Jeremy; Sharafedin, Bozorgmehr; Heinrich, Mark (ed.). "Once 'kittens' in cyber spy world, Iran gaining hacking prowess: security experts". Reuters, September 20, 2017. https://www.reuters.com/article/us-un-assembly-trump-russia/russia-rebukes-trump-over-iran-north-korea-accuses-u-s-of-missile-treaty-breach-idUSKCN1BV1QE Quote: "FireEye found some ties between APT33 and the Nasr Institute - which other experts have connected to the Iranian Cyber Army, an offshoot of the Revolutionary Guards - but it has yet to find any links to a specific government agency, Hultquist said."
4. Cox, Joseph. "Suspected Iranian Hackers Targeted U.S. Aerospace Sector". The Daily Beast. http://www.thedailybeast.com/suspected-iranian-hackers-targeted-us-aerospace-sector (archived September 21, 2017: https://web.archive.org/web/20170921010243/http://www.thedailybeast.com/suspected-iranian-hackers-targeted-us-aerospace-sector) Quote: "Included in a piece of non-public malware APT33 uses called TURNEDUP is the username 'xman_1365_x.' xman has accounts on a selection of Iranian hacking forums, such as Shabgard and Ashiyane, although FireEye says it did not find any evidence to suggest xman was formally part of those sites' hacktivist groups. In its report, FireEye links xman to the 'Nasr Institute,' a hacking group allegedly controlled by the Iranian government."

Categories: Cyberwarfare; Information operations units and formations; Hacking (computer security)

Copyright © 2023 OENC.NET All Rights Reserved
Beijing ICP Registration No. 2021023879. Last updated: 2024/11/17 20:56:46