Sure, here's an overview of the APT known as IRIDIUM:
IRIDIUM is a highly sophisticated and well-resourced Advanced Persistent Threat (APT) group that has been active since at least 2014. The group is believed to be based in Russia, although its exact origins are unclear. IRIDIUM's primary targets have included government agencies, military organizations, and defense contractors in the United States, Europe, and Asia.
IRIDIUM has been known for a number of high-profile attacks over the years, including breaches at the US Department of Defense (DoD), NATO, and several European governments. The group is also believed to have played a role in the cyberattack on Ukraine's power grid in 2015, which left hundreds of thousands without electricity for days.
IRID
Techniques, tactics and practices:
Sure! Here's an overview of some common TTPs used by IRIDIUM:
1. Spear-phishing emails - IRIDIUM is known to use spear-phishing emails, which are highly targeted and personalized messages that appear to come from a trustworthy source (such as a government agency or financial institution) in order to trick the recipient into opening an attachment containing malware.
2. Watering hole attacks - IRIDIUM has been known to use watering hole attacks, which involve compromising websites and online services that are likely to be visited by their target audience (such as government agencies or defense contractors). Once a user visits the compromised site, they may unknowingly download malware.
3. Remote access tools - IRIDIUM has been known to use remote access tools such as Mimikatz and PsExec in order to gain unauthorized
Alternative Names
Alternative Names
