APT 33
Affiliations
  • Also known as Magnallium and Elfin. Suspected to be linked to the Shamoon malware attacks in 2018.
This threat actor is an Iranian state-sponsored APT that targets private-sector entities in the aviation, energy, and petrochemical sectors for the purpose of espionage. It first became active in late 2015 or early 2016, and has been involved in a three-year campaign against multiple firms in the United States and Saudi Arabia. On December 19, 2018, McAfee attributed the 2016 and 2017 Shamoon wiper malware attacks on several companies in the Middle East and Europe to APT 33. Also known as Holmium and Peach Sandstorm.
Suspected victims
  • United States
  • Saudi Arabia
  • South Korea
Suspected state sponsor
  • Iran (Islamic Republic of)
Type of incident
  • Espionage
Target category
  • Private sector