🇮🇷
APT42
APT Group
Information theft and espionage
9 zero-day CVEs
ETDA ✓
Also Known As (3 names)
CALANQUE
UNC788
APT 42
Target Countries (18)
United Arab Emirates
Australia
Azerbaijan
Belgium
Bulgaria
China
Germany
France
United Kingdom
Israel
India
Islamic Republic of Iran
Italy
Malaysia
Norway
Palestine
Ukraine
United States
Sectors Targeted
Public Administration (NAICS 92)
Pharmaceuticals
Research and Development in the Social Sciences and Humanities (NAICS 54172)
Healthcare
Grantmaking and Giving Services (NAICS 8132)
Military
Religious, Grantmaking, Civic, Professional, and Similar Organizations (NAICS 813)
Non-profit organizations
Manufacturing
Finance
Chemical Manufacturing (NAICS 325)
Motion Picture and Video Production (NAICS 51211)
National Security and International Affairs (NAICS 9281)
Newspaper Publishers (NAICS 51111)
NGOs
Utilities (NAICS 22)
Media
Religious Organizations (NAICS 8131)
Space Research and Technology (NAICS 927)
NAICS:31
Data Processing, Hosting, and Related Services (NAICS 51821)
Pharmaceutical
Legal
Publishing Industries (except Internet) (NAICS 511)
Professional, Scientific, and Technical Services (NAICS 54)
Computer Systems Design and Related Services (NAICS 54151)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Legal and professional services
Computer Systems Design and Related Services (NAICS 5415)
Government
Business to Business Electronic Markets (NAICS 42511)
Computer Systems Design Services (NAICS 541512)
Civil Society
Energy
Telecommunications (NAICS 517)
Data Processing, Hosting, and Related Services (NAICS 518)
National Security and International Affairs (NAICS 928)
Educational Services (NAICS 61)
Air Transportation (NAICS 481)
Health Care and Social Assistance (NAICS 62)
Mining, Quarrying, and Oil and Gas Extraction (NAICS 21)
Information (NAICS 51)
Defense
Education
Details
Origin
🇮🇷 IR
Last Updated
17 Nov 2025
MITRE ATT&CK (99)
T1001
T1003 - OS Credential Dumping
T1009 - Binary Padding
T1016
T1018
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1036
T1036.005
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1047 - Windows Management Instrumentation
T1049
T1053 - Scheduled Task/Job
T1053.005
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1059 - Command and Scripting Interpreter
T1059.001
T1059.005
T1068
T1070
T1070.008
T1071 - Application Layer Protocol
T1071.001
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1086 - PowerShell
T1087 - Account Discovery
T1087.001
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1111
T1112
T1113 - Screen Capture
T1114 - Email Collection
T1123 - Audio Capture
T1127
T1132 - Data Encoding
T1132.001
T1134
T1136 - Create Account
T1140 - Deobfuscate/Decode Files or Information
T1190
T1195 - Supply Chain Compromise
T1204 - User Execution
T1218
T1219 - Remote Access Software
T1426
T1495 - Firmware Corruption
T1496
T1497 - Virtualization/Sandbox Evasion
T1497.001
T1518 - Software Discovery
T1518.001
T1530
T1539
T1543
T1547 - Boot or Logon Autostart Execution
T1555 - Credentials from Password Stores
T1555.003
T1566 - Phishing
T1566.001
T1566.002 - Spearphishing Link
T1568 - Dynamic Resolution
T1569
T1573 - Encrypted Channel
T1573.002
T1583
T1583.001
T1583.003
T1584 - Compromise Infrastructure
T1585 - Establish Accounts
T1585.002
T1586 - Compromise Accounts
T1587 - Develop Capabilities
T1588
T1588.002
T1589 - Gather Victim Identity Information
T1589.002 - Email Addresses
T1590.002 - DNS
T1591 - Gather Victim Org Information
T1592 - Gather Victim Host Information
T1593.002 - Search Engines
T1595
T1598 - Phishing for Information
T1598.002 - Spearphishing Attachment
T1608
T1608.001
T1610 - Deploy Container
T1656
T1682
T1684
T1684.001