TLP:CLEAR | Mixed audience | Updated: March 2026 1. IDENTIFICATION & ATTRIBUTION Designations: OilRig (CrowdStrike), Helix Kitten (CrowdStrike), APT34 (Mandiant/Google), IRN2 (SecureWorks), COBALT GYPSY (SecureWorks), Crambus (Symantec), Earth Simnavaz (Trend Micro), EUROPIUM (Microsoft) Origin: Iran Suspected sponsor: Iranian Ministry of Intelligence (MOIS — Vezarat-e Ettela’at va Amniat-e Keshvar) Sophistication level: High (confirmed APT, persistent operations…
