APT39 is an Iranian cyberespionage group that has been active since at least 2014. The group is known to target the telecommunication and travel industries to collect personal information that aligns with Iran's national goals. 
The group is known to use Secure Shell (SSH) to move laterally within the network.
Associated Group Descriptions
| Domain | ID | Sub-technique | Name |
|---|---|---|---|
| Enterprise | VT0012 | | Command and Scripting Interpreter |
| Enterprise | VT0021 | | Credentials from Password Stores |
| Enterprise | VT0003 | | Exploit Public-Facing Application |
| Enterprise | VT0018 | .001 | Input Capture: Keylogging |
| Enterprise | VT0024 | | Network Service Scanning |
| Enterprise | VT0020 | .001 | Remote Services: SSH |
| Enterprise | VT0034 | | Remote System Discovery |
Created: 02 May 2021
Last Modified: 02 May 2021