APT 34 is another Iranian hacker group that has been active since at least 2014.
They have targeted various sectors, such as financial, government, energy, chemical, and telecommunications, in the Middle East and other regions. They are also known by other names, such as OilRig, COBALT GYPSY, IRN2, Helix Kitten, and Evasive Serpens.
History
APT 34 is suspected to be supported by the Iranian government, based on references to Iran in their infrastructure, use of Iranian IP addresses and VPNs, alignment with Iranian interests, and links to other Iranian hacker groups.
APT 34 uses a variety of tools and techniques to infiltrate and compromise their targets, such as spear-phishing emails, malicious documents, web shells, backdoors, DNS tunneling, and custom malware.
APT 34 has been involved in several campaigns against critical infrastructure companies, such as DNSpionage, HardPass, and Saitama, in which they used fake LinkedIn profiles and job offers to lure and infect their victims.
APT 34 has also been linked to the destructive Shamoon malware attacks, along with APT 33, another Iranian hacker group.
APT 34 has been observed to update and evolve their arsenal over time, adding new tools and features to evade detection and enhance their capabilities.
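DNS tunneling, one of the techniques listed above, leaves a characteristic trace in resolver logs: many distinct, long, high-entropy subdomains under a single registered domain. The following detector is an added example written for this page, not code from any report on the group; the log format and the domain c2-placeholder.test are constructed sample data.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: "<timestamp> <client_ip> <queried_name>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 www.example.com
2024-01-01T10:00:01 10.0.0.5 mail.example.com
2024-01-01T10:00:02 10.0.0.7 3f9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c.c2-placeholder.test
2024-01-01T10:00:03 10.0.0.7 a1b2c3d4e5f60718293a4b5c6d7e8f90.c2-placeholder.test
2024-01-01T10:00:04 10.0.0.7 ffee0011223344556677889900aabbcc.c2-placeholder.test
2024-01-01T10:00:05 10.0.0.5 cdn.example.com
"""

def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payloads score close to the alphabet maximum."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(name: str) -> str:
    # Naive last-two-labels split; production code should use the public suffix list.
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])

def score_query(name: str) -> bool:
    """Flag a query whose leftmost label looks like encoded data (thresholds are assumptions)."""
    labels = name.rstrip(".").split(".")
    if len(labels) < 3:
        return False
    first = labels[0]
    return len(first) >= 24 and shannon_entropy(first) >= 3.5

def analyze(log_text: str, min_unique: int = 3) -> dict:
    """Map suspicious registered domains to their count of flagged queries.
    A domain is reported only if it also shows at least min_unique distinct names,
    which separates tunnel-style churn from one odd lookup of a legitimate CDN."""
    uniq = defaultdict(set)
    hits = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the pipeline
        name = parts[2].lower()
        dom = registered_domain(name)
        uniq[dom].add(name)
        if score_query(name):
            hits[dom] += 1
    return {d: hits[d] for d in hits if len(uniq[d]) >= min_unique}
```

Tune the length, entropy and uniqueness thresholds against a baseline of your own resolver traffic before alerting on them.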