APT35 (aka Newscaster, Mint Sandstorm) · APT Atlas
Actor type: Nation-state / APT · Region: Asia · Origin: IR · Iran
AKA: Newscaster · Mint Sandstorm · Magic Hound · Educated Manticore · NewsBeef · Yellow Garuda · ITG18
Vendor names: Microsoft: Phosphorus · CrowdStrike: CHARMING KITTEN · Proofpoint: TA453 · Secureworks: COBALT ILLUSION
Targets: 19 · Sectors: 19 · Threat types: 1 · GIRs covered: 0/480 · Active since: 2014
Victimology
Geographic footprint · 19 targeted countries (origin: Iran)
Asia (9): United Arab Emirates · Azerbaijan · Israel · India · Iraq · Iran · Kuwait · Saudi Arabia · Türkiye
Europe (6): Albania · Switzerland · Germany · United Kingdom · Latvia · Netherlands
Oceania (1): Australia
Africa (1): Egypt
Americas (2): United States · Uruguay
Sectors targeted · 19 of 40 (the count after each sector is the number of Atlas actors recorded against it)
Government · 83 actors
Defense · 60 actors
Aerospace · 49 actors
Financial Services · 61 actors
Healthcare · 38 actors
Pharmaceutical · 24 actors
Technology · 51 actors
Telecom · 57 actors
Retail & Hospitality · 25 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Oil and Gas · 19 actors
Education & Research · 50 actors
Manufacturing · 40 actors
Media & Journalism · 41 actors
Transportation · 25 actors
Legal & Professional · 13 actors
Chemicals · 15 actors
Dissidents (as targets) · 14 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES: ESP · Espionage
MITRE ATT&CK · 52 techniques, grouped by tactic (the Atlas files ATT&CK's Defense Evasion techniques under its own "Defense Impairment" and "Stealth" labels)

Reconnaissance · 4
T1589.001 Credentials
T1589.002 Email Addresses
T1591.001 Determine Physical Locations
T1592.002 Software
Resource Development · 1
T1583.006 Web Services
Initial Access · 4
T1189 Drive-by Compromise
T1190 Exploit Public-Facing Application
T1566.002 Spearphishing Link
T1566.003 Spearphishing via Service
Execution · 6
T1047 Windows Management Instrumentation
T1053.005 Scheduled Task
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1059.005 Visual Basic
T1204.001 Malicious Link
Persistence · 2
T1098.002 Additional Email Delegate Permissions
T1547.001 Registry Run Keys / Startup Folder
Credential Access · 1
T1003.001 LSASS Memory
Discovery · 8
T1016 System Network Configuration Discovery
T1018 Remote System Discovery
T1033 System Owner/User Discovery
T1046 Network Service Discovery
T1049 System Network Connections Discovery
T1057 Process Discovery
T1083 File and Directory Discovery
T1482 Domain Trust Discovery
Lateral Movement · 2
T1021.001 Remote Desktop Protocol
T1570 Lateral Tool Transfer
Collection · 5
T1005 Data from Local System
T1113 Screen Capture
T1114.001 Local Email Collection
T1114.002 Remote Email Collection
T1560.001 Archive via Utility
Exfiltration · 1
T1567 Exfiltration Over Web Service
Impact · 1
T1486 Data Encrypted for Impact
Command And Control · 7
T1071 Application Layer Protocol
T1071.001 Web Protocols
T1090 Proxy
T1102.002 Bidirectional Communication
T1105 Ingress Tool Transfer
T1571 Non-Standard Port
T1573 Encrypted Channel
Defense Impairment · 2
T1112 Modify Registry
T1685 Disable or Modify Tools (ID as listed by the Atlas; in MITRE ATT&CK this technique name is sub-technique T1562.001)
Stealth · 8
T1027.010 Command Obfuscation
T1036.004 Masquerade Task or Service
T1036.005 Match Legitimate Resource Name or Location
T1036.010 Masquerade Account Name
T1070.004 File Deletion
T1078.002 Domain Accounts
T1218.011 Rundll32
T1564.003 Hidden Window

GIR coverage
0 / 480 requirements satisfied. No GIRs mapped yet for this actor.

Related actors (by origin and actor type)
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011
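The mapping above is a list of technique IDs, not a detection. As an added example (not the Atlas's code and not derived from any APT35 sample), the script below turns a handful of the Execution, Persistence, Discovery and Stealth entries listed for this actor into command-line rules, runs them over constructed process-creation events, and reports which of the actor's techniques were and were not observed. The rule regexes, the event contents and the technique subset are illustrative assumptions.

```python
"""Added example: tag constructed process-creation events with ATT&CK technique
IDs taken from this page's APT35 mapping, then report which of those techniques
were (and were not) observed. Rules and events are illustrative assumptions,
not the Atlas's own detection logic."""
import re
from collections import defaultdict

# Subset of the techniques this page lists for APT35 (id -> ATT&CK name).
APT35_TECHNIQUES = {
    "T1027.010": "Command Obfuscation",
    "T1033": "System Owner/User Discovery",
    "T1053.005": "Scheduled Task",
    "T1059.001": "PowerShell",
    "T1098.002": "Additional Email Delegate Permissions",
    "T1218.011": "Rundll32",
    "T1547.001": "Registry Run Keys / Startup Folder",
    "T1564.003": "Hidden Window",
}

# Hypothetical rules: (technique id, regex over the full command line).
# Rules fire independently, so one event can carry several technique tags.
RULES = [
    ("T1059.001", re.compile(r"(?:^|\\)(?:powershell|pwsh)(?:\.exe)?\b", re.I)),
    # -e / -ec / -enc / -EncodedCommand followed by a base64 blob
    ("T1027.010", re.compile(r"\s-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I)),
    ("T1564.003", re.compile(r"\s-w(?:indowstyle)?\s+hidden\b", re.I)),
    ("T1053.005", re.compile(r"\bschtasks(?:\.exe)?\b.*\s/create\b", re.I)),
    # rundll32 loading a module from a user-writable directory
    ("T1218.011", re.compile(r"\brundll32(?:\.exe)?\s+\S*\\(?:users|programdata|temp)\\", re.I)),
    ("T1547.001", re.compile(
        r'\breg(?:\.exe)?\s+add\s+"?hk(?:cu|lm)\\software\\microsoft\\windows\\currentversion\\run', re.I)),
    # Exchange delegate grants are issued through (remote) PowerShell cmdlets
    ("T1098.002", re.compile(r"\badd-mailbox(?:folder)?permission\b|\bset-mailbox\b.*-grantsendonbehalfto", re.I)),
    ("T1033", re.compile(r"\bwhoami(?:\.exe)?\b", re.I)),
]

# Constructed sample events (not real telemetry); ids 6 and 7 are benign controls.
SAMPLE_EVENTS = [
    {"id": 1, "host": "ws-104", "cmdline": "powershell.exe -NoP -W Hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAKQA="},
    {"id": 2, "host": "ws-104", "cmdline": r'schtasks.exe /create /sc minute /mo 30 /tn "OneDriveUpdate" /tr "C:\Users\Public\update.exe"'},
    {"id": 3, "host": "ws-104", "cmdline": r"rundll32.exe C:\Users\victim\AppData\Local\Temp\bump.dat,Start"},
    {"id": 4, "host": "ws-117", "cmdline": r'reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d "C:\Users\Public\update.exe" /f'},
    {"id": 5, "host": "exch-01", "cmdline": 'powershell.exe -Command "Add-MailboxPermission -Identity ceo@corp.example -User svc-backup -AccessRights FullAccess"'},
    {"id": 6, "host": "ws-117", "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"id": 7, "host": "ws-117", "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]


def tag_event(cmdline):
    """Return the sorted technique IDs whose rules fire on one command line."""
    return sorted({tid for tid, pattern in RULES if pattern.search(cmdline)})


def hunt(events):
    """Map each observed technique ID to the ids of the events that exhibited it."""
    hits = defaultdict(list)
    for event in events:
        for tid in tag_event(event["cmdline"]):
            hits[tid].append(event["id"])
    return dict(hits)


def coverage(hits):
    """Split the page's APT35 techniques (rule subset) into seen and not-yet-seen."""
    seen = sorted(t for t in APT35_TECHNIQUES if t in hits)
    unseen = sorted(t for t in APT35_TECHNIQUES if t not in hits)
    return seen, unseen


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["id"], event["host"], tag_event(event["cmdline"]) or "-")
    seen, unseen = coverage(hunt(SAMPLE_EVENTS))
    print("observed:", ", ".join(f"{t} ({APT35_TECHNIQUES[t]})" for t in seen))
    print("not yet observed:", ", ".join(unseen) or "none")
```

Run as a script to see the per-event tags, the techniques observed across the sample, and the one listed technique (T1033) that no event exhibited. The point of the exercise is the coverage view against the actor's listed techniques, not the rules themselves: the regexes here are deliberately narrow, and a real hunt would widen them (an operator can drop the `-enc` switch in favour of a script file, or stage a DLL under a directory the path rule does not name) and join in other telemetry, such as Exchange audit logs for the delegate grant.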