Research Roundup: APT39 Adversaries

Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer).

Note: Viewing the pages linked in this blog post requires a ThreatConnect account.

In this edition, we cover:

  • APT39 / Remix Kitten / Chafer
  • Suspicious Domains using ITitch and MivoCloud
  • Mustang Panda PlugX


Roundup Highlight: APT39 Adversaries

APT39 / Remix Kitten / Chafer


Our highlight in this Roundup is Threat APT39 / Remix Kitten / Chafer. APT39 / Remix Kitten / Chafer is a threat actor group with a likely nexus to the Islamic Republic of Iran that has been active since at least 2014. The group has historically targeted the telecommunications and travel sectors. Previous reporting indicates APT39 / Remix Kitten / Chafer has been known to conduct operations to steal personal information likely in an effort to support influence operations and monitoring efforts.

On September 17, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on APT39, 45 associated individuals, and one front company for employing “a years-long malware campaign that targeted Iranian dissidents, journalists, and international companies in the travel sector.” The APT39 Threat has been updated with ATT&CK tags and associations to 45 new Adversaries to reflect the above in ThreatConnect.

ThreatConnect Research Team Intelligence: Items recently created or updated in the ThreatConnect Common Community by our Research Team.

Technical Blogs and Reports Incidents with Active and Observed Indicators: Incidents associated to one or more Indicators with an Active status and at least one global Observation across the ThreatConnect community. These analytics are provided by ThreatConnect’s CAL™ (Collective Analytics Layer).


To receive ThreatConnect notifications about any of the above, remember to check the “Follow Item” box on that item’s Details page.


ThreatConnect Research Team
About the Author
ThreatConnect Research Team

The ThreatConnect Research Team: is an elite group of globally-acknowledged cybersecurity experts, dedicated to tracking down existing and emerging cyber threats. We scrutinize trends, technology and socio-political motivators to develop comprehensive knowledge of the cyber landscape. Then, we share what we’ve learned so that you can protect your organization, and your team can take precise action against threats.