Helix Kitten

Helix Kitten (also known as APT34 by FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm,^[1] or EUROPIUM)^[2] is a hacker group identified by CrowdStrike as Iranian.^[3][4]

Helix Kitten

بچه گربه هلیکس
Formation	c. 2004–2007
Type	Advanced persistent threat
Purpose	Cyberespionage, cyberwarfare
Methods	Zero-days, spearphishing, malware
Official language	Persian
Affiliations	APT33
Formerly called	APT34

History

The group has reportedly been active since at least 2014.^[3] It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist.^[3]

In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.^[5][6]

Targets

The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.^[3]

Techniques

APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.^[3]