IRconfidence: 50G0059

APT35APT35

Also known as: Newscaster Team · Magic Hound · G0059 · Phosphorus · Mint Sandstorm · TunnelVision · COBALT MIRAGE · Agent Serpens · APT35

Origin
IR
Known aliases
9
Attribution
50

Profile

FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government that conducts long term, resource-intensive operations to collect strategic intelligence. APT35 typically targets U.S. and the Middle Eastern military, diplomatic and government personnel, organizations in the media, energy and defense industrial base (DIB), and engineering, business services and telecommunications sectors.

Aliases· 9

Newscaster TeamMagic HoundPhosphorusMint SandstormTunnelVisionCOBALT MIRAGEAgent SerpensAPT35
G0059

MITRE ATT&CK Group crosswalk

G0059

References

  1. https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf
  2. https://attack.mitre.org/groups/G0059/
  3. https://www.cfr.org/interactive/cyber-operations/magic-hound
  4. https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/
  5. https://securityaffairs.co/wordpress/56348/intelligence/magic-hound-campaign.html
  6. https://www.cfr.org/cyber-operations/apt-35
  7. https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/
  8. https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
APT33
Actor
APT37
Actor
APT39
Actor
APT42
Actor
APT30
Actor
APT17
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.