Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07

September 17, 2020

Rana Intelligence Computing Company, also known as Rana Corp, is a Ministry of Intelligence and Security (MOIS) front company in Tehran, Iran that conducts malicious cyber activity. It is known in the public domain as Advanced Persistent Threat (APT) 39, Chafer, Cadelspy, Remexi, and ITG07.

Rana’s cyber targeting has been both global in scale and internal to Iran, including hundreds of individuals and entities from more than 30 different countries across Asia, Africa, Europe, and North America. It has targeted more than 15 US companies, primarily in the travel industry, and used this access to track the movements of individuals whom the MOIS considers a threat. It has also targeted foreign citizens, foreign governments, and foreign institutions and companies primarily in the travel, hospitality, academic, and telecommunications industries.

[...]

Attachment: