During this operation, APT34, believed to originate from Iran and also known as OilRig or Helix Kitten, assumed the identity of a marketing services company named Ganjavi Global Marketing Services (GGMS).  They meticulously targeted enterprises, employing a variant of the SideTwist Trojan to gain sustained control over victim hosts. A Glimpse into APT34 APT34, an Advanced Persistent Threat (APT) group active since 2014, specializes in cyber espionage and sabotage.  Operating primarily in the Middle East, they target diverse sectors such as finance, government, energy, chemicals, and telecommunications.  APT34 possesses advanced attack capabilities, tailoring intrusion methods for different targets and even demonstrating supply chain attack proficiency.  Following the exposure of their primary attack tools in a 2019 leak, APT34 began developing new tools, including RDAT, SideTwist, and Saitama.

Source: GBHackers