
Threat Actor Profile - APT33



Threat Actor: APT 33; AKA "Elfin", "Holmium", or "Magnallium"


Date of Activity: ~2013-Present


Overview: APT 33 (aka Elfin, Holmium, or Magnallium) is a state-sponsored hacking group believed to be operating out of Iran. The group has been active since at least 2013 and is thought to have been involved in several high-profile cyber attacks against a range of targets, including government agencies, businesses, and critical infrastructure.


APT 33 is known for using a range of sophisticated hacking tools and techniques, including spearphishing, zero-day exploits, and implants. The group has been linked to several major campaigns, including the destructive attacks on Saudi Arabian oil company Aramco in 2012 and the 2017 ransomware attack on British shipping company Maersk.


APT 33 is thought to be part of Iran's Cyber Army, a group of hackers and cyber criminals who are believed to be working on behalf of the Iranian government. The group is believed to be well-funded and highly skilled, with a particular focus on targeting organizations in the Middle East and the United States.


Despite their advanced capabilities, APT 33 has been tracked and exposed by a number of security firms and researchers. In 2017, cybersecurity firm FireEye published a detailed report on the group's activities, including their tactics, techniques, and procedures. This report helped to shed light on the group's operations and has aided efforts to defend against their attacks.


APT 33 is a highly dangerous and sophisticated hacking group that poses a significant threat to organizations around the world. Unlike other APTs, APT 33 conducts both intelligence collection and destructive attacks against targets on behalf of the Iranian government.


TTPs:

• Nation-state toolset, including exploits, implants, and RATs

• Intelligence collection and destructive cyber attacks

• Sophisticated social engineering

• Encrypted communications and co-opted infrastructure

• Long-term, deep access to victim networks

• Highly customizable toolkit tailored for specific operations
