Cleaver
Also known as: Threat Group 2889 · TG-2889
Overview
Cleaver is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889).
Targets
Defense · Education · Energy · Government · Private sector · Technology
Regions
Canada · China · France · Germany · India · Israel · Kuwait · Mexico · Pakistan · Qatar · Saudi Arabia · South Korea · Turkey · United Kingdom · United States
TTPs — 5 techniques across 2 tactics
Resource Development
- T1585.001 Social Media Accounts
- T1587.001 Malware
- T1588.002 Tool
Credential Access
- T1003.001 LSASS Memory
- T1557.002 ARP Cache Poisoning
Tools & malware (4)
Net Crawler · PsExec · TinyZBot · Mimikatz
Reporting (2)
- Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles — Dell SecureWorks
- Operation Cleaver — Cylance