Group5

Description

(SecurityWeek) A threat actor using Iranian-language tools, Iranian hosting companies, operating from the Iranian IP space at times was observed targeting the Syrian opposition in an elaborately staged malware operation, Citizen Lab researchers reveal.

The operation was first noticed in late 2015, when a member of the Syrian opposition flagged a suspicious email containing a PowerPoint slideshow, which led researchers to a watering hole website with malicious programs, malicious PowerPoint files, and Android malware.

The threat actor was targeting Windows and Android devices of well-connected individuals in the Syrian opposition, researchers discovered. They called the actor Group5, because it targets Syrian opposition after regime-linked malware groups, the Syrian Electronic Army (SEA), Deadeye Jackal, ISIS (also known as the Islamic State or ISIL), and a group linked to Lebanon did the same in the past.

Names

Name	Name-Giver
Group5	Citizen Lab

Country

Iran

State-sponsored

Motivation

Information theft and espionage

First Seen

2015

Observed Countries

Syria

Tools

Information

https://www.securityweek.com/iranian-actor-group5-targeting-syrian-opposition

Mitre Attack

https://attack.mitre.org/groups/G0043/

Other Information

Uuid

316b9d45-f67a-4595-bdf3-5137489fb3c5

Last Card Change

2020-04-22

Threat Intelligence Garden

Explorer

Group5

Group5

Description

Names

Country

Motivation

First Seen

Observed Countries

Tools

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks

Threat Intelligence Garden

Explorer

Group5

Group5

Description

Names

Country

Sponsor

Motivation

First Seen

Observed Countries

Tools

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks