APT33
High Confidence • High Threat
Elfin • HOLMIUM • Refined Kitten • Peach Sandstorm • Magnallium
APT33, also known as Elfin, HOLMIUM, or Peach Sandstorm, is an Iranian state-sponsored cyber espionage group active since at least 2013. The group primarily targets the aerospace, energy, and petrochemical sectors in the United States, Saudi Arabia, and South Korea. APT33 is notable for its development of destructive capabilities, including links to the Shamoon disk-wiping malware. Its operations support Iranian strategic interests, particularly regarding regional rivals and the global energy sector. The group employs spear-phishing campaigns with malicious documents and has demonstrated password spraying capabilities against thousands of organizations.
Target Sectors
Target Regions
Attributed to IRGC (Islamic Revolutionary Guard Corps) (Iran). Attribution confidence: High.
Future Outlook
APT33 is expected to continue operations targeting Aerospace sectors.
First observed activity of APT33
Continued active operations