Chafer vs. Kuwait

basic information

description

The APT Chafer Attacked primarily Kuwaiti Networks between May 2018 and July 2019

sources attribution

Not available

sources politicalization

Not available

start

30.05.2018

end

26.07.2019

source incident detection disclosure

Incident disclosed by IT-security company

receiver

label:

Not available

category:

State institutions / political system

Government / ministries

Critical infrastructure

Transportation

country:

Kuwait

label:

Not available

category:

State institutions / political system

Government / ministries

Critical infrastructure

Transportation

country:

Saudi Arabia

inclusion criteria

Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals

Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated

Attack on (inter alia) political target(s), not politicized

articles

https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html

added to database

15.08.2022

attributions

articles

Not available

attribution date

2020

attribution basis

IT-security community attributes attacker

attributing country

Not available

attributing actors

Not available

attribution type

Technical report (e.g., by IT-companies, Citizen Lab, EFF)

initiators

label:

APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)

category:

Non-state actor, state-affiliation suggested

Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)

countries:

Iran, Islamic Republic of

legal attribution references

Not available

technical categories

Incident/Operation Type

Data theft

Hijacking with Misuse

data theft

For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)

disruption

none

hijacking

Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)

Physical Effects (temporal)

none

Physical Effects (spatial)

none

unweighted cyber intensity

Target / Effect Multiplier

Moderate - high political importance

weighted cyber intensity

Low / moderate intensity - 3

MITRE: Initial Access

Not available

MITRE: Impact

Not available

Common Vulnerability Scoring System: User Interaction

Not available

Zero Day

political categories

cyber conflict issue

International power

offline conflict issue

Unknown

offline conflict intensity

Unknown

casualties

No casualties as a direct result of the cyber incident

political response

Not available

legal categories

state responsibility indicator

Not available

il breach indicator

Not available

response indicator

Not available

Evidence for Sanctions Indicator

Not available

legal response

Not available

impact indicator

Not available