Magic Hound

Threat Actor updated 23 days ago (2024-11-29T13:59:20.974Z)
Download STIX
Preview STIX
Magic Hound, also known as APT33, Peach Sandstorm, Holmium, Elfin, and Refined Kitten, is an Iranian cyber-espionage group that poses a significant threat to various sectors worldwide. This threat actor has been involved in multiple malicious campaigns, leveraging different types of sophisticated malware to execute their operations. Microsoft researchers have reported several instances of Magic Hound's activities, including the use of password spray attacks as part of a campaign named Peach Sandstorm. The group has targeted diverse sectors, including government, defense, satellite, oil, and gas in countries like the U.S. and UAE. One of the notable strategies employed by Magic Hound involves the use of FalseFont backdoor malware, which was recently discovered by Microsoft. The group has been using this malware to launch attacks against organizations in the Defense Industrial Base (DIB) sector. Additionally, they have utilized a custom multi-stage backdoor called Tickler to compromise organizations. As a testament to their adaptability, they have also leveraged open-source tools, such as FRP, to create encrypted tunnels from compromised machines to external servers under their control. In 2017, Magic Hound was linked to a campaign targeting government and technology sectors in Saudi Arabia. This operation, known as the Magic Hound campaign, demonstrated the group's persistent efforts to infiltrate high-value targets and further emphasized the global reach of their operations. Given the strategic nature of their targets and the sophistication of their tactics, it is clear that Magic Hound represents a formidable threat to cybersecurity, necessitating vigilance and robust defenses from potential targets.
Description last updated: 2024-09-05T18:16:52.571Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Peach Sandstorm is a possible alias for Magic Hound. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside gover
2
APT33 is a possible alias for Magic Hound. APT33, also known as Peach Sandstorm, is an Iran-linked threat actor associated with the Iranian Islamic Revolutionary Guard Corps (IRGC). This group has targeted communication equipment, government agencies, and the oil-and-gas industry in the United Arab Emirates and the United States, primarily f
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
Backdoor
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Magic Hound Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more