APT42: Crooked Charms, Cons and Compromises

September 8, 2022

APT42 is characterized by highly targeted spear phishing and surveillance operations against individuals and organizations of strategic interest to Iran. The group's operations, which are designed to build trust and rapport with its victims, have included accessing the personal and corporate email accounts of government officials, former Iranian policymakers or political figures, members of the Iranian diaspora and opposition groups, journalists, and academics who are involved in research on Iran. After gaining access, the group has deployed mobile malware capable of tracking victim locations, recording phone conversations, accessing videos and images, and extracting entire SMS inboxes. APT42 has a demonstrated ability to alter its operational focus as Iran's priorities evolve over time. Based on the group's extensive operational history and imperviousness to public reporting and infrastructure takedowns, Mandiant anticipates that APT42 will continue to conduct cyber espionage operations in support of Iran's strategic priorities in the long term.