APT 33 | CFR Interactives

APT 33

Affiliations

Also known as Magnallium and Elfin. Suspected to be linked to the Shamoon malware attacks in 2018.

This threat actor is an Iranian state-sponsored APT that targets private-sector entities in the aviation, energy, and petrochemical sectors for the purpose of espionage. It first became active in late 2015 or early 2016, and has been involved in a three-year campaign against multiple firms in the United States and Saudi Arabia. On December 19, 2018, McAfee attributed the 2016 and 2017 Shamoon wiper malware attacks on several companies in the Middle East and Europe to APT 33. Also known as Holmium and Peach Sandstorm.

Suspected victims

United States

Saudi Arabia

South Korea

Suspected state sponsor

Iran (Islamic Republic of)

Type of incident

Espionage

Target category

Private sector

Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
Magnallium
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events