Description
[Ajax Security Team](https://attack.mitre.org/groups/G0130) is a group that has been active since at least 2010 and is believed to be operating out of Iran. By 2014, [Ajax Security Team](https://attack.mitre.org/groups/G0130) had transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies. (Citation: FireEye Operation Saffron Rose 2013)
Techniques Used (TTPs)
- T1056.001 — Keylogging (collection, credential-access)
- T1566.003 — Spearphishing via Service (initial-access)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1204.002 — Malicious File (execution)
- T1555.003 — Credentials from Web Browsers (credential-access)
- T1105 — Ingress Tool Transfer (command-and-control)
Total TTPs: 6