APT 42
APT 42 has a wide variety of targets and typically aims to access the networks of organizations and individuals who oppose the Iranian regime. Some overlap also exists between APT 42 and an Iranian-sponsored ransomware actor, UNC2448.
Suspected victims
  • Think tanks, Western government officials, journalists, pharmaceutical companies, researchers, former Iranian government officials, Iranians living abroad, and countries such as the United States, Australia, Bulgaria, Iran, Israel, Italy, Malaysia, Norway
Suspected state sponsor
  • Iran (Islamic Republic of)
Type of incident
  • Espionage
Target category
  • Civil society
  • Private sector
  • Government