
Also Known As
Cobalt Gypsy | Operation Woolen-Goldfish | Ajax Security Team | Operation Saffron Rose | Rocket Kitten | Phosphorus | Newscaster | Magic Hound
Origin
Iran
Target Countries
Canada | China | England | France | Germany | India | Israel | Kuwait | Mexico | Pakistan | Qatar | Saudi Arabia | South Korea | Turkey | United Arab Emirates | United States
Targeted Verticals
Aviation
Critical Infrastructure
Government | Military
Education
Healthcare
MITRE TTPs
Account Manipulation: Exchange Email Delegate Permissions
Archive Collected Data: Archive via Utility
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Command and Scripting Interpreter: Visual Basic
Command and Scripting Interpreter: Windows Command Shell
Command and Scripting Interpreter: PowerShell
Credentials from Password Stores: Credentials from Web Browsers
Email Collection: Local Email Collection
Indicator Removal on Host: File Deletion
Obfuscated Files or Information
OS Credential Dumping: LSASS Memory
Phishing: Spearphishing Attachment
Phishing: Spearphishing via Service
System Network Configuration Discovery