Cyber Resilience

Cleaver · G0003 · state

🇮🇷 IR

aka Cleaver, Threat Group 2889, TG-2889, Operation Cleaver, Op Cleaver, Tarh Andishan, Alibaba, Cobalt Gypsy, G0003

Last updated: 2026-07-03

0 attributed CVEs
10 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
years active

About this actor

[Cleaver](https://attack.mitre.org/groups/G0003) is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. (Citation: Cylance Cleaver) Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). (Citation: Dell Threat Group 2889)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|

No attributed CVEs.

Mitigating controls (NIST 800-53)

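| Control | Techniques covered | Coverage |
|---|---|---|
| AC-3 | 4 / 10 | 40% |
| AC-4 | 4 / 10 | 40% |
| CA-7 | 4 / 10 | 40% |
| CM-2 | 4 / 10 | 40% |
| CM-6 | 4 / 10 | 40% |
| CM-7 | 4 / 10 | 40% |
| SI-3 | 4 / 10 | 40% |
| SI-4 | 4 / 10 | 40% |
| AC-16 | 3 / 10 | 30% |
| SI-12 | 3 / 10 | 30% |
| SI-7 | 3 / 10 | 30% |
| AC-17 | 2 / 10 | 20% |
| AC-18 | 2 / 10 | 20% |
| AC-19 | 2 / 10 | 20% |
| AC-2 | 2 / 10 | 20% |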

Co-occurring actors

None.

Similar actors

Same nation-state