Greenbug is believed to be an Iranian threat actor with ties to the group behind the Shamoon malware. It has previously used off-the-shelf tools and living-off-the-land techniques to gain access to South Asian telecommunication companies’ servers. It has also used custom remote access trojans (RATs) to steal information and credentials from Middle Eastern targets.
Suspected victims
  • South Asian telecommunication providers
  • Middle Eastern government, aviation, education, and investment organizations
Suspected state sponsor
  • Iran (Islamic Republic of)