ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Iridium

Names: Iridium (Resecurity)
Country: Iran
Motivation: Information theft and espionage
First seen: 2018
Description: (Kaspersky) Iridium is an APT that uses proprietary techniques to bypass two-factor authentication for critical applications, according to security firm Resecurity.

A researcher has attributed a recently publicized attack on Citrix’ internal network to the Iranian-linked group known as Iridium – and said that the data heist involved 6 terabytes of sensitive data.

The culprit is an APT that uses proprietary techniques to bypass two-factor authentication for critical applications and services for further unauthorized access to virtual private networks and single sign-on systems, according to Resecurity.

“[Iridium] has hit more than 200 government agencies, oil and gas companies and technology companies, including Citrix Systems Inc.,” they said. Threatpost has reached out for further details as to how the firm is linking the APT to the attack and will update this post accordingly.
Observed: Sectors: Government, Oil and gas, Technology.
Tools used: China Chopper, LazyCat, Powerkatz, Recon, reGeorg and Ckife Webshells.
Operations performed:
Dec 2018: Attacks on Australian government
<https://www.scmagazine.com/home/security-news/apts-cyberespionage/iridium-cyberespionage-gang-behind-aussie-parliament-attacks/>
<https://blog.yoroi.company/research/the-arsenal-behind-the-australian-parliament-hack/>
Dec 2018: Breach of Citrix
<https://threatpost.com/ranian-apt-6tb-data-citrix/142688/>
Information: <https://hub.packtpub.com/resecurity-reports-iriduim-behind-citrix-data-breach-200-government-agencies-oil-and-gas-companies-and-technology-companies-also-targeted/>

Last change to this card: 14 April 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
