{
	"id": "e988c872-15a5-4b9e-9921-0af5268b1db9",
	"created_at": "2026-04-06T00:19:53.222363Z",
	"updated_at": "2026-04-10T03:36:18.198128Z",
	"deleted_at": null,
	"sha1_hash": "34aa7123c2690d18e5dcae517912cf0f05764159",
	"title": "Cyber Operations Tracker",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35940,
	"plain_text": "Cyber Operations Tracker\r\nArchived: 2026-04-05 18:29:01 UTC\r\nAffiliations\r\nAlso known as Cutting Kitten and Group 41\r\nThis threat actor targets governments and private sector entities for espionage and sabotage purposes. It is\r\nbelieved to be responsible for compromising U.S. Navy computers at the Navy Marine Corps Intranet in San\r\nDiego, the U.S. energy company Calpine Corporation, Saudi Aramco, Pemex, Qatar Airways, and Korean Air\r\n(http://www.reuters.com/article/2014/12/02/us-cybersecurity-iran-idUSKCN0JG18I20141202)\r\nCanada, China, United Kingdom, France, Germany, India, Israel, United States, Kuwait, Mexico, Pakistan,\r\nQatar, Saudi Arabia, South Korea, Turkey\r\nSuspected state sponsor\r\nIran (Islamic Republic of)\r\nType of incident\r\nEspionage\r\nTarget category\r\nGovernment\r\nPrivate sector\r\nVictim government reaction\r\nUnknown\r\nSuspected state sponsor response\r\nDenial\r\nRead more\r\nhttps://www.cfr.org/cyber-operations/operation-cleaver\r\nPage 1 of 4\n\nOperation Cleaver\r\nhttps://www.cfr.org/cyber-operations/operation-cleaver\r\nPage 2 of 4\n\nWhois Clever Kitten\r\nhttps://www.cfr.org/cyber-operations/operation-cleaver\r\nPage 3 of 4\n\nHacker Group Creates Network of Fake LinkedIn Profiles\r\nSource: https://www.cfr.org/cyber-operations/operation-cleaver\r\nhttps://www.cfr.org/cyber-operations/operation-cleaver\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.cfr.org/cyber-operations/operation-cleaver"
	],
	"report_names": [
		"operation-cleaver"
	],
	"threat_actors": [
		{
			"id": "60c270f9-5aa8-41d5-850c-6003135c5815",
			"created_at": "2023-01-06T13:46:38.687298Z",
			"updated_at": "2026-04-10T02:00:03.068415Z",
			"deleted_at": null,
			"main_name": "Clever Kitten",
			"aliases": [
				"Group 41"
			],
			"source_name": "MISPGALAXY:Clever Kitten",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "25bd25be-762c-404c-be9e-b11f074b34dd",
			"created_at": "2022-10-25T16:07:23.470771Z",
			"updated_at": "2026-04-10T02:00:04.621239Z",
			"deleted_at": null,
			"main_name": "Clever Kitten",
			"aliases": [
				"Group 41"
			],
			"source_name": "ETDA:Clever Kitten",
			"tools": [
				"Acunetix Web Vulnerability Scanner",
				"RC SHELL"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "49f1ada0-181f-4e89-a449-e6bc13c8c6b1",
			"created_at": "2022-10-25T15:50:23.561511Z",
			"updated_at": "2026-04-10T02:00:05.382592Z",
			"deleted_at": null,
			"main_name": "Cleaver",
			"aliases": [
				"Threat Group 2889",
				"TG-2889"
			],
			"source_name": "MITRE:Cleaver",
			"tools": [
				"Net Crawler",
				"PsExec",
				"TinyZBot",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "9663cdbf-646e-4579-881a-a8ebc3aabf63",
			"created_at": "2023-01-06T13:46:38.360862Z",
			"updated_at": "2026-04-10T02:00:02.942852Z",
			"deleted_at": null,
			"main_name": "Cutting Kitten",
			"aliases": [
				"ITsecTeam"
			],
			"source_name": "MISPGALAXY:Cutting Kitten",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "3fff98c9-ad02-401d-9d4b-f78b5b634f31",
			"created_at": "2023-01-06T13:46:38.376868Z",
			"updated_at": "2026-04-10T02:00:02.949077Z",
			"deleted_at": null,
			"main_name": "Cleaver",
			"aliases": [
				"G0003",
				"Operation Cleaver",
				"Op Cleaver",
				"Tarh Andishan",
				"Alibaba",
				"TG-2889",
				"Cobalt Gypsy"
			],
			"source_name": "MISPGALAXY:Cleaver",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "217c588a-5896-4335-b9ec-a516ae2f9a7e",
			"created_at": "2022-10-25T16:07:23.513775Z",
			"updated_at": "2026-04-10T02:00:04.635263Z",
			"deleted_at": null,
			"main_name": "Cutting Kitten",
			"aliases": [
				"Cutting Kitten",
				"G0003",
				"Operation Cleaver",
				"TG-2889"
			],
			"source_name": "ETDA:Cutting Kitten",
			"tools": [
				"CsExt",
				"DistTrack",
				"IvizTech",
				"Jasus",
				"KAgent",
				"Logger Module",
				"MANGOPUNCH",
				"MPK",
				"MPKBot",
				"Net Crawler",
				"NetC",
				"PVZ-In",
				"PVZ-Out",
				"Pupy",
				"PupyRAT",
				"PvzOut",
				"Shamoon",
				"SynFlooder",
				"SysKit",
				"TinyZBot",
				"WndTest",
				"pupy",
				"zhCat",
				"zhMimikatz"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434793,
	"ts_updated_at": 1775792178,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/34aa7123c2690d18e5dcae517912cf0f05764159.pdf",
		"text": "https://archive.orkl.eu/34aa7123c2690d18e5dcae517912cf0f05764159.txt",
		"img": "https://archive.orkl.eu/34aa7123c2690d18e5dcae517912cf0f05764159.jpg"
	}
}