Cyber Resilience

Threat actor · all actors

Ajax Security TeamG0130 state

🇮🇷 IR

aka Ajax Security Team, Operation Woolen-Goldfish, AjaxTM, Rocket Kitten, Flying Kitten, Operation Saffron Rose

Last updated: 2026-07-03

1attributed CVEs
10ATT&CK techniques
1.2IDF score (tooling uniqueness)
0exclusive CVEs
2026years active

About this actor

[Ajax Security Team](https://attack.mitre.org/groups/G0130) is a group that has been active since at least 2010 and believed to be operating out of Iran. By 2014 [Ajax Security Team](https://attack.mitre.org/groups/G0130) transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies.(Citation: FireEye Operation Saffron Rose 2013)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-20929 5.57.50.01142026-01-13see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
CA-77 / 1070%
SI-47 / 1070%
AC-46 / 1060%
SC-76 / 1060%
SI-36 / 1060%
CM-25 / 1050%
CM-65 / 1050%
SC-445 / 1050%
SI-25 / 1050%
SI-85 / 1050%
CM-73 / 1030%
AC-62 / 1020%
IA-92 / 1020%
SC-202 / 1020%
SI-102 / 1020%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs

Same nation-state