Introduction
Ajax Security Team is a group that has been active since at least 2010 and believed to be operating out of Iran. By 2014 Ajax Security Team transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies. FireEye Operation Saffron Rose 2013
Activities and Tactics
Targeted Sectors: Aerospace, Defense, Gas, Oil, Military, Civil society, Activists, Journalist, Research - Innovation, Academia - University, Government, Administration, Government
Country of Origin: ๐ฎ๐ท Iran
Incident Type: Espionage
Suspected Victims: United States, Iranian internet activists, Saudi Arabia, Venezuela, Afghanistan, United Arab Emirates, Iran, Israel, Iraq, Kuwaitโฆ
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Country of Origin: Iran Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK MITRE ATT&CK entry [2] FireEye Operation Saffron Rose 2013