National Cyber Warfare Foundation (NCWF)

ITG18


2024-06-18 15:21:30
blscott

ITG18 is an alternate name for the group known as APT35

ITG18 is an advanced persistent threat (APT) that has been active since at least 2013 and continues to target organizations in various industries, including government agencies, defense contractors, telecommunications companies, and financial institutions. The group's primary focus appears to be on stealing sensitive information related to military operations, foreign policy decisions, economic sanctions, and diplomatic relations between countries. ITG18 has been linked to several high-profile cyber attacks in recent years, including the 2017 WannaCry ransomware attack that affected over 300,000 computers worldwide. The group is believed to be associated with Iranian intelligence agencies and operates under a variety of aliases, making it difficult for security researchers to track their activities in detail.

Techniques, tactics and practices:

ITG18 is a highly sophisticated threat actor that employs various techniques to achieve its objectives. Some of their common TTPs include:

* Spear-phishing emails and social engineering tactics to gain initial access into targeted networks or systems.
* Use of custom malware, such as the "WannaCry" ransomware that was linked to ITG18 in 2017.
* Advanced persistent threat (APT) techniques, including long-term persistence within compromised systems and use of multiple layers of obfuscation to evade detection by security tools.
* Ability to operate across a wide range of platforms, from Windows to macOS and Linux systems.
* Use of virtual private networks (VPNs) and other anonymization techniques to hide their activities online.
* Focus on stealing sensitive information related to military operations, foreign policy decisions,





Primary Names
APT35
 







Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.