APT
ATLAS
Atlas
Actors
Sectors
Requirements
⌘K
▸
sign in
Atlas
Actors
Sectors
Requirements
LOADING
APT42 (aka UNC788, CALANQUE) · APT Atlas
Actors
/
Nation-state / APT
/
Asia
APT42
APT
IR · Iran
AKA
UNC788 · CALANQUE · ITG18 · Yellow Garuda · Damselfly
CrowdStrike
:
Charming Kitten
Microsoft
:
Mint Sandstorm
Proofpoint
:
TA453
Targets
21
Sectors
15
Threat types
1
GIRs covered
0/480
Active since
2015
Pin to atlas
Watch
Share
Export
Victimology
Geographic footprint · 21 countries
Region filter
Export
origin · Iran
targeted countries · 21
ASIA ·
9
United Arab Emirates
·
Azerbaijan
·
Israel
·
Iraq
·
Iran
·
Lebanon
·
Malaysia
·
Saudi Arabia
·
Türkiye
EUROPE ·
9
Albania
·
Austria
·
Belgium
·
Bulgaria
·
Germany
·
United Kingdom
·
Italy
·
Norway
·
Ukraine
OCEANIA ·
1
Australia
AFRICA ·
1
Egypt
AMERICAS ·
1
United States
Sectors targeted
15 of 40
Government
83 actors
Defense
60 actors
Aerospace
49 actors
Financial Services
61 actors
Healthcare
38 actors
Pharmaceutical
24 actors
Technology
51 actors
NGOs & Dissidents
47 actors
Energy / Utilities
49 actors
Oil and Gas
19 actors
Education & Research
50 actors
Manufacturing (man)
40 actors
Media & Journalism
41 actors
Legal & Professional
13 actors
Dissidents (as targets)
14 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 20 techniques
Reconnaissance
· 1
T1682
Query Public AI Services
Resource Development
· 1
T1583.003
Virtual Private Server
Initial Access
· 1
Execution
· 4
T1047
Windows Management Instrumentation
Persistence
· 1
T1547
Boot or Logon Autostart Execution
Credential Access
· 2
T1111
Multi-Factor Authentication Interception
Discovery
· 1
T1016
System Network Configuration Discovery
Collection
· 2
T1056
Input Capture
T1113
Screen Capture
Command And Control
· 3
T1071.001
Web Protocols
T1102
Web Service
Defense Impairment
· 1
T1112
Modify Registry
Stealth
· 3
T1036.005
Match Legitimate Resource Name or Location
T1070
Indicator Removal
GIR coverage
0 / 480 requirements satisfied
Open matrix
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2
nation-state
China · 6 targets · since 2010
APT5
nation-state
China · 15 targets · since 2007
APT8
nation-state
China · 5 targets · since —
APT14
nation-state
China · 15 targets · since —
APT17
nation-state
China · 10 targets · since 2009
APT20
nation-state
China · 14 targets · since 2011
T1566.002
Spearphishing Link
T1053.005
Scheduled Task
T1059.001
PowerShell
T1059.005
Visual Basic
T1555.003
Credentials from Web Browsers
T1573.002
Asymmetric Cryptography
T1684.001
Impersonation