About this actor
[APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted a variety of industries and countries since at least 2015.(Citation: Mandiant APT42-charms) [APT42](https://attack.mitre.org/groups/G1044) starts cyber operations through spearphishing emails and/or the PINEFLOWER Android malware, then monitors and collects information from the compromised systems and devices.(Citation: Mandiant APT42-charms) Finally, [APT42](https://attack.mitre.org/groups/G1044) exfiltrates data using native features and open-source tools.(Citation: Mandiant APT42-untangling) [APT42](https://attack.mitre.org/groups/G1044) activities have been linked to [Magic Hound](https://attack.mitre.org/groups/G0059) by other commercial vendors. While there are behavior and software overlaps between [Magic Hound](https://attack.mitre.org/groups/G0059) and [APT42](https://attack.mitre.org/groups/G1044), they appear to be distinct entities and are tracked as separate entities by their originating vendor.
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
T1016, T1036, T1036.005, T1047, T1053, T1053.005, T1056, T1056.001, T1059, T1059.001, T1059.005, T1070, T1070.008, T1071, T1071.001, T1082, T1087, T1087.001, T1102, T1111, T1112, T1113, T1132, T1132.001, T1518, T1518.001, T1530, T1539, T1547, T1555, T1555.003, T1566, T1566.002, T1573, T1573.002, T1583, T1583.001, T1583.003, T1585, T1585.002, T1588, T1588.002, T1608, T1608.001, T1682, T1684, T1684.001
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 25 / 47 | 53% |
| CM-6 | 24 / 47 | 51% |
| CM-2 | 22 / 47 | 47% |
| CA-7 | 19 / 47 | 40% |
| SI-3 | 19 / 47 | 40% |
| CM-7 | 16 / 47 | 34% |
| AC-6 | 14 / 47 | 30% |
| AC-3 | 13 / 47 | 28% |
| AC-2 | 12 / 47 | 26% |
| AC-4 | 11 / 47 | 23% |
| SC-7 | 10 / 47 | 21% |
| SI-7 | 10 / 47 | 21% |
| AC-5 | 8 / 47 | 17% |
| IA-2 | 8 / 47 | 17% |
| RA-5 | 8 / 47 | 17% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- TA2541 0.35
- MuddyWater 0.28
- HEXANE 0.27
- OilRig 0.26
- RedCurl 0.26