Cyber Resilience

Threat actor · all actors

Group5G0043 unknown

aka Group5, G0043

Last updated: 2026-07-03

0attributed CVEs
7ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Group5](https://attack.mitre.org/groups/G0043) is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. [Group5](https://attack.mitre.org/groups/G0043) has used two commonly available remote access tools (RATs), [njRAT](https://attack.mitre.org/software/S0385) and [NanoCore](https://attack.mitre.org/software/S0336), as well as an Android RAT, DroidJack. (Citation: Citizen Lab Group5)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-33 / 743%
AC-32 / 729%
CM-22 / 729%
CM-62 / 729%
SI-42 / 729%
SI-72 / 729%
AC-161 / 714%
AC-171 / 714%
AC-181 / 714%
AC-21 / 714%
AC-51 / 714%
AC-61 / 714%
CA-71 / 714%
CM-71 / 714%
CP-61 / 714%

Co-occurring actors

None.

Similar actors