APT52

GPTKB entity

Statements (33)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:activeYearsStart 2014
gptkbp:alsoKnownAs gptkb:Charming_Kitten
gptkbp:associatedWith gptkb:Iranian_Revolutionary_Guard_Corps
gptkbp:connectsTo gptkb:APT35
gptkb:Newscaster_Team
Phosphorus
gptkbp:countryOfOrigin gptkb:Iran
https://www.w3.org/2000/01/rdf-schema#label APT52
gptkbp:infrastructure malicious domains
spoofed login pages
fake news websites
gptkbp:mainLanguage gptkb:Persian
gptkbp:motive espionage
surveillance
gptkbp:notableOperation gptkb:Operation_Saffron_Rose
gptkb:Operation_Newscaster
targeting Middle Eastern organizations
targeting US and UK universities
gptkbp:operatedBy gptkb:Iranian_government
gptkbp:target academics
journalists
human rights activists
government organizations
dissidents
gptkbp:technique social engineering
spear phishing
watering hole attacks
gptkbp:usesMalware phishing tools
credential harvesting tools
PowerShell backdoors
gptkbp:bfsParent gptkb:Operation_Winnti
gptkbp:bfsLayer 7