APT42

APT / StateG1044
OriginIrã
Techniques (MITRE ATT&CK)32
SourceMITRE ATT&CK

Vexday analysis

APT42 é um grupo de espionagem cibernética patrocinado pelo Irã, ativo pelo menos desde 2015, com foco principal em alvos no Oriente Médio, mas com histórico de atuação em diversas indústrias e países. O grupo inicia suas operações por meio de e-mails de spearphishing e/ou do malware Android PINEFLOWER, monitorando e coletando informações dos sistemas e dispositivos comprometidos antes de exfiltrar dados com ferramentas nativas e de código aberto. Rastreado pelo MITRE ATT&CK sob o identificador G1044, o grupo possui 32 técnicas documentadas e é associado por outros fornecedores ao cluster conhecido como Magic Hound.

Techniques (MITRE ATT&CK) 32

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance
Query Public AI Services
Resource development
DomainsVirtual Private ServerEmail AccountsToolUpload Malware
Initial access
Spearphishing Link
Execution
Windows Management InstrumentationScheduled TaskPowerShellVisual Basic
Persistence
Boot or Logon Autostart Execution
Credential access
Multi-Factor Authentication InterceptionSteal Web Session CookieCredentials from Web Browsers
Discovery
System Network Configuration DiscoverySystem Information DiscoveryLocal AccountSecurity Software Discovery
Collection
Input CaptureKeyloggingScreen CaptureData from Cloud Storage
Command and control
Web ProtocolsWeb ServiceStandard EncodingAsymmetric Cryptography
defense-impairment
Modify Registry
stealth
Match Legitimate Resource Name or LocationIndicator RemovalClear Mailbox DataImpersonation

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

APT42 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →