Cyber Resilience

Threat actor · all actors

APT39G0087 state

🇮🇷 IR

aka APT39, ITG07, Chafer, Remix Kitten, COBALT HICKMAN, G0087, Radio Serpens, TA454, Burgundy Sandstorm

Last updated: 2026-07-03

0attributed CVEs
72ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. [APT39](https://attack.mitre.org/groups/G0087) has primarily targeted the travel, hospitality, academic, and telecommunications industries in Iran and across Asia, Africa, Europe, and North America to track individuals and entities considered to be a threat by the MOIS.(Citation: FireEye APT39 Jan 2019)(Citation: Symantec Chafer Dec 2015)(Citation: FBI FLASH APT39 September 2020)(Citation: Dept. of Treasury Iran Sanctions September 2020)(Citation: DOJ Iran Indictments September 2020)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-452 / 7272%
CM-647 / 7265%
CM-244 / 7261%
CM-737 / 7251%
SI-337 / 7251%
AC-335 / 7249%
AC-633 / 7246%
CA-733 / 7246%
AC-231 / 7243%
SC-725 / 7235%
AC-424 / 7233%
SI-723 / 7232%
AC-522 / 7231%
CM-522 / 7231%
IA-220 / 7228%

Co-occurring actors

None.

Similar actors

Similar TTPs

Same nation-state