IR

TAG-56TAG-56

Also known as: TAG-56

Origin
IR
Known aliases
1

Profile

TAG-56 is a threat actor group that shares similarities with the APT42 group. They use tactics such as fake registration pages and spearphishing to target victims, often using encrypted chat platforms like WhatsApp or Telegram. TAG-56 is believed to be part of a broader campaign led by an Iran-nexus threat activity group. They have been observed using shared web hosts and recycled code, indicating a preference for acquiring purpose-built infrastructure rather than establishing their own.

Aliases· 1

TAG-56

References

  1. https://socradar.io/dark-web-profile-apt42-iranian-cyber-espionage-group/
  2. https://www.recordedfuture.com/suspected-iran-nexus-tag-56-uses-uae-forum-lure-for-credential-theft-against-us-think-tank

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
TAG-140
Actor
Team46
Actor
TA570
Actor
TA402
Actor
APT42
Group
TA459
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.