Threat actor · all actors
CleaverG0003 state
🇮🇷 IR
aka Cleaver, Threat Group 2889, TG-2889, Operation Cleaver, Op Cleaver, Tarh Andishan, Alibaba, Cobalt Gypsy, G0003
Last updated: 2026-07-03
0attributed CVEs
10ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
—years active
About this actor
[Cleaver](https://attack.mitre.org/groups/G0003) is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. (Citation: Cylance Cleaver) Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). (Citation: Dell Threat Group 2889)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
AC-3 | 4 / 10 | 40% |
AC-4 | 4 / 10 | 40% |
CA-7 | 4 / 10 | 40% |
CM-2 | 4 / 10 | 40% |
CM-6 | 4 / 10 | 40% |
CM-7 | 4 / 10 | 40% |
SI-3 | 4 / 10 | 40% |
SI-4 | 4 / 10 | 40% |
AC-16 | 3 / 10 | 30% |
SI-12 | 3 / 10 | 30% |
SI-7 | 3 / 10 | 30% |
AC-17 | 2 / 10 | 20% |
AC-18 | 2 / 10 | 20% |
AC-19 | 2 / 10 | 20% |
AC-2 | 2 / 10 | 20% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Triton Safety Instrumented System Attack 0.27
- Aoqin Dragon 0.21
- C0010 0.20
- CostaRicto 0.19
- Whitefly 0.19
Same nation-state
- HomeLand Justice 1.00
- Outer Space 1.00
- Juicy Mix 1.00
- OilRig 1.00
- CopyKittens 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00