First known appearance: 2013
Threat Actors: Iranian government and has possible ties to the Islamic Revolutionary Guard Corps (IRGC)
Targets: Aerospace and Energy sectors
Objectives: APT33’s targeting of organizations involved in aerospace and energy most closely aligns with nation-state interests, implying that the threat actor is most likely government sponsored.
Overview: APT33 has targeted organizations, spanning multiple industries, headquartered in the United States, Saudi Arabia and South Korea. APT33 has shown particular interest in organizations in the aviation sector involved in both military and commercial capacities, as well as organizations in the energy sector with ties to petrochemical production.
Associated malware: SHAPESHIFT, DROPSHOT, TURNEDUP, NANOCORE, NETWIRE, ALFA Shell