Sciextor

Security is Everyone's Job

APT 50

APT 50 is another name for APT-C-50, a threat group that researchers have attributed to Iran.

APT-C-50 has been active since at least 2017 and has targeted organizations in the Middle East, especially in Saudi Arabia and Iraq.

APT-C-50 has also been linked to other Iranian threat groups, such as APT33 and APT34.

Attack types

APT-C-50 is known to use techniques such as spearphishing, credential harvesting, web shells, remote access trojans, and data exfiltration.

APT-C-50 has also exploited vulnerabilities in widely used software such as Microsoft Exchange Server, Microsoft SharePoint, and Oracle WebLogic Server.

Some of the malware families that APT-C-50 has used are PowGoop, Fox Kitten, StoneDrill, ZeroCleare, and Dustman.

These malware families are designed to steal information, destroy data, or gain persistence on compromised systems.

Aliases

Some of the aliases that different security researchers have given APT-C-50 are Magic Hound, Shamoon, Timberworm, and Lyceum.

The name “Magic Hound” originates from the use of canine-related terms in some of their malware.