APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.  
| Domain | ID | Name |
|---|---|---|
| Enterprise | T1043 | Commonly Used Port |
| Enterprise | T1048 | Exfiltration Over Alternative Protocol |
| Enterprise | T1203 | Exploitation for Client Execution |
| Enterprise | T1068 | Exploitation for Privilege Escalation |
| Enterprise | T1027 | Obfuscated Files or Information |
| Enterprise | T1060 | Registry Run Keys / Startup Folder |
| Enterprise | T1105 | Remote File Copy |
| Enterprise | T1071 | Standard Application Layer Protocol |
| Enterprise | T1032 | Standard Cryptographic Protocol |
| Enterprise | T1065 | Uncommonly Used Port |