Magic Hound

Threat Actor updated 11 days ago (2024-09-05T18:17:45.948Z)
Magic Hound, also known as APT33, Peach Sandstorm, Holmium, Elfin, and Refined Kitten, is an Iranian cyber-espionage group that poses a significant threat to organizations across many sectors worldwide. The group has run multiple malicious campaigns, using several families of sophisticated malware to carry out its operations.

Microsoft researchers have reported several instances of Magic Hound activity, including password spray attacks conducted as part of a campaign attributed to Peach Sandstorm. Targets have included the government, defense, satellite, oil, and gas sectors in countries such as the U.S. and the UAE.

One notable tactic is the use of the FalseFont backdoor, recently discovered by Microsoft, which the group has deployed against organizations in the Defense Industrial Base (DIB) sector. The group has also used a custom multi-stage backdoor called Tickler to compromise organizations. Demonstrating its adaptability, it has additionally relied on open-source tools such as FRP to build encrypted tunnels from compromised machines to external servers under its control.

In 2017, Magic Hound was linked to a campaign against government and technology sectors in Saudi Arabia. That operation, known as the Magic Hound campaign, showed the group's persistent effort to infiltrate high-value targets and underscored the global reach of its operations. Given the strategic nature of its targets and the sophistication of its tactics, Magic Hound represents a formidable threat, and potential targets need sustained vigilance and robust defenses.
Description last updated: 2024-09-05T18:16:52.571Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions between vendors are hard to track, so the following are possible overlapping names and profiles that may also be relevant.
ID | Votes | Profile Description
Peach Sandstorm | 2 | Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, and Refined Kitten, is a threat actor that has been active since 2013. This Iran-linked cyberespionage group has targeted various sectors, including aerospace, energy, government, defense, satellite, oil, and gas. It h
APT33 | 2 | APT33, an Iran-linked threat actor also known as Peach Sandstorm, Holmium, Elfin, Refined Kitten, and Magic Hound, has been involved in a series of cyber espionage activities targeting various sectors. The group's primary targets include the government, defense, satellite, oil, and gas sectors in th
Miscellaneous Associations
Other elements of context that could help in assessing relevance:
Microsoft
Backdoor
Source Document References
Information about the Magic Hound threat actor was drawn from the document corpus below. This list is limited to 20 results.
Source | Created | Title
Fortinet | 11 days ago | Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 | FortiGuard Labs
Securityaffairs | 18 days ago | Iran-linked APT33 adds new Tickler malware to its arsenal
CERT-EU | 9 months ago | Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor
Securityaffairs | 9 months ago | APT33 targets Defense Industrial Base sector with FalseFont
Securityaffairs | a year ago | Iranian Peach Sandstorm group behind recent password spray attacks - Security Affairs
Malwarebytes | a year ago | Decoy dog toolkit plays the long game with Pupy RAT