APT33
APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low0.8
Low signal strength
Mentions1
Sources1
High conf.1
Last seenMay 2026
First observed
2018-04-18
Last active
—
Origin
Iran
Aliases
4
Techniques
31
Campaigns
0
Iran
Attribution signals
1 mention · 1 source#1carried outhigh
VictimologyTTP match
socradar
May 2026
"Iranian state-sponsored actor Peach Sandstorm (also tracked as APT33, Refined Kitten, and HOLMIUM) carried out a sustained password spraying campaign against organizations in the defense, space, education, and government sectors in the United States and Australia."
Hedge terms observed
carried out