Security is Everyone's Job

APT 50

APT 50 is another name for APT-C-50, a threat group that researchers have attributed to Iran

APT-C-50 has been active since at least 2017, and has targeted organizations in the Middle East, especially in Saudi Arabia and Iraq

APT-C-50 has also been linked to other Iranian threat groups, such as APT33 and APT34

Attack types

APT-C-50 is known to use various techniques such as spearphishing, credential harvesting, web shells, remote access trojans, and data exfiltration

APT-C-50 has also exploited vulnerabilities in widely used software such as Microsoft Exchange Server, Microsoft SharePoint, and Oracle WebLogic Server

Some of the malware families that APT-C-50 has used are PowGoop, Fox Kitten, StoneDrill, ZeroCleare, and Dustman

These malware are designed to steal information, destroy data, or gain persistence on the compromised systems


Some of the aliases that APT-C-50 has been given by different security researchers are Magic Hound, Shamoon, Timberworm, and Lyceum

The name “Magic Hound” originates from the use of canine-related terms in some of their malware