Magic Hound

Threat Actor updated a year ago (2024-11-29T13:59:20.974Z)

Download STIX

Preview STIX

Magic Hound, also known as APT33, Peach Sandstorm, Holmium, Elfin, and Refined Kitten, is an Iranian cyber-espionage group that poses a significant threat to various sectors worldwide. This threat actor has been involved in multiple malicious campaigns, leveraging different types of sophisticated malware to execute their operations. Microsoft researchers have reported several instances of Magic Hound's activities, including the use of password spray attacks as part of a campaign named Peach Sandstorm. The group has targeted diverse sectors, including government, defense, satellite, oil, and gas in countries like the U.S. and UAE. One of the notable strategies employed by Magic Hound involves the use of FalseFont backdoor malware, which was recently discovered by Microsoft. The group has been using this malware to launch attacks against organizations in the Defense Industrial Base (DIB) sector. Additionally, they have utilized a custom multi-stage backdoor called Tickler to compromise organizations. As a testament to their adaptability, they have also leveraged open-source tools, such as FRP, to create encrypted tunnels from compromised machines to external servers under their control. In 2017, Magic Hound was linked to a campaign targeting government and technology sectors in Saudi Arabia. This operation, known as the Magic Hound campaign, demonstrated the group's persistent efforts to infiltrate high-value targets and further emphasized the global reach of their operations. Given the strategic nature of their targets and the sophistication of their tactics, it is clear that Magic Hound represents a formidable threat to cybersecurity, necessitating vigilance and robust defenses from potential targets.

Description last updated: 2024-09-05T18:16:52.571Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Peach Sandstorm is a possible alias for Magic Hound. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside gover	2
APT33 is a possible alias for Magic Hound. APT33, also known as Peach Sandstorm, is an Iran-linked threat actor associated with the Iranian Islamic Revolutionary Guard Corps (IRGC). This group has targeted communication equipment, government agencies, and the oil-and-gas industry in the United Arab Emirates and the United States, primarily f	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Microsoft

Backdoor

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Magic Hound Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Fortinet	a year ago	Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 \| FortiGuard Labs
Securityaffairs	a year ago	Iran-linked APT33 adds new Tickler malware to its arsenal
CERT-EU	2 years ago	Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor
Securityaffairs	2 years ago	APT33 targets Defense Industrial Base sector with FalseFont
Securityaffairs	2 years ago	Iranian Peach Sandstorm group behind recent password spray attacks - Security Affairs
Malwarebytes	2 years ago	Decoy dog toolkit plays the long game with Pupy RAT