[1][2] The group has also been called Elfin Team, Refined Kitten (by CrowdStrike), Magnallium (by Dragos), Peach Sandstorm,[3] and Holmium (by Microsoft).
[1] The group is reported to use the ALFASHELL tool to send spear-phishing emails loaded with malicious HTML Application files to its targets.
[1][2] APT33 registered domains impersonating many commercial entities, including Boeing, Alsalam Aircraft Company, Northrop Grumman and Vinnell.
[2] FireEye and Kaspersky Lab noted similarities between ShapeShift and Shamoon, another virus linked to Iran.
[1] APT33 also used Farsi in ShapeShift and DropShot, and was most active during Iran Standard Time business hours, remaining inactive on the Iranian weekend.