Helix Kitten (also known as APT34 by FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm,[1] or EUROPIUM)[2] is a hacker group identified by CrowdStrike as Iranian.
[3] It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist.
[3] In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.
[5][6] The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.
[3] APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.