G0130 · 6 ATT&CK techniques · 1 correlated reports

Ajax Security Team

Aliases: Operation Woolen-Goldfish, AjaxTM, Rocket Kitten, Flying Kitten, Operation Saffron Rose

Ajax Security Team is a group that has been active since at least 2010 and believed to be operating out of Iran. By 2014 Ajax Security Team transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies.

Open interactive actor investigation

ATT&CK techniques

T1056.001
Keylogging T1566.003
Spearphishing via Service T1566.001
Spearphishing Attachment T1204.002
Malicious File T1555.003
Credentials from Web Browsers T1105
Ingress Tool Transfer

Correlated CTI and IR reports

Executive Summary
Israel Threat Actors CTI · explicit report mention

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research