APT39: A group which has been identified as APT39 and tied to Iran has been found to be active since 2014. It appears the APT39’s main task is the collection of personal information, which is likely then passed off to other Iranian groups for other operations. APT39 are actively targeting telecom and IT entities and focusing on the theft of PII. The group has been stealing phone logs, employee records, passport and visa data, and airline records. This kind of information is likely being evaluated as it would provide valuable targeting information for further cyber-attacks as well as real-world operations. A number of Iranian operations have primarily targeted their neighbors in the region, APT39 however has been found to be much farther reaching. So far operations have been confirmed in Saudi Arabia, Iraq, Egypt, Turkey, and the United Arab Emirates. It is also believed that they are behind infiltrations in Norway, South Korea, Australia, and the United States.
