APT39
High Confidence • Medium Threat
Also known as: Chafer • Remix Kitten • ITG07
APT39 is an Iranian cyber espionage group that has been active since at least 2014. It is attributed to the Iranian Ministry of Intelligence and Security (MOIS) and operates through the front company Rana Intelligence Computing. The group's primary mission is to conduct surveillance and steal personal information from a wide range of targets to track individuals and entities considered a threat to the Iranian government. APT39's operations are global in scale, with a focus on the Middle East, but also extending to North America, Europe, Asia, and Africa. The group employs a variety of tactics, techniques, and procedures (TTPs) to achieve its objectives, including spearphishing campaigns with malicious attachments and links, exploiting public-facing applications, and using a mix of custom and publicly available malware and tools. APT39 has shown a particular interest in the telecommunications, travel, and technology sectors, likely to support its information-gathering and surveillance goals. The U.S. government has taken action against APT39, including sanctions against the group and associated individuals, to disrupt its malicious cyber activities.
Target Sectors
Target Regions
Attribution: state-sponsored (Iran). Attribution confidence: High.
Future Outlook
APT39 is expected to continue operations targeting Telecommunications.
First observed activity
Ongoing operations