Introduction
Magic Hound is an Iranian-sponsored threat group that conducts long-term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations such as the World Health Organization (WHO), via complex social engineering campaigns since at least 2014. [2][3][4][5][6]
Activities and Tactics
Targeted Sectors: Media, Academia, Government, Defense, Diplomacy, Military, Technology, Administration
Country of Origin: 🇮🇷 Iran
Risk Level: High
First Seen: 2014
Last Activity: 2024
Incident Type: Espionage
Suspected Victims: U.S. government/defense sector websites, Saudi Arabia, Israel, Iraq, United Kingdom
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 2 public reports that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- Back Orifice
- Back Orifice 2000
Attribution and Evidence
Country of Origin: Iran
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK, MITRE ATT&CK entry
[2] FireEye, APT35, 2018
[3] ClearSky, Kittens Back 3, August 2020
[4] Certfa, Charming Kitten, January 2021
[5] Secureworks, COBALT ILLUSION Threat Profile
[6] Proofpoint, TA453, July 2021