Threat Actor Profile
High APT
Description

Ajax Security Team is a group that has been active since at least 2010 and is believed to be operating out of Iran. By 2014, Ajax Security Team had transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies.[1]

Confidence Score
100%
Tags
mitre-attack crawled web-source mitre-group
First Seen

Unknown

Last Updated

April 29, 2026

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (5)
T1056 - Input Capture
Collection
T1105 - Ingress Tool Transfer
Command and Control
T1555 - Credentials from Password Stores
Credential Access
T1204 - User Execution
Execution
T1566 - Phishing
Initial Access
STIX Data
{'aliases': [],
 'description': 'Ajax Security Teamis a group that has been active since at '
                'least 2010 and believed to be operating out of Iran. By '
                '2014Ajax Security Teamtransitioned from website defacement '
                'operations to malware-based cyber espionage campaigns '
                'targeting the US defense industrial base and Iranian users of '
                'anti-censorship technologies.[1]',
 'external_references': [{'external_id': 'G0130',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0130/'}],
 'id': 'threat-actor--G0130',
 'metadata': {'crawled_at': '2026-04-29T14:32:20.666762+00:00',
              'mitre_group_id': 'G0130',
              'page_title': 'Ajax Security Team, Operation Woolen-Goldfish, '
                            'AjaxTM, Rocket Kitten, Flying Kitten, Operation '
                            'Saffron Rose, Group G0130 | MITRE ATT&CK®'},
 'name': 'Ajax Security Team',
 'type': 'threat-actor'}