Menu
Browse

Cyber Threat Actor: Parisite

Actor Type Location Known Incidents
 Icon
Nation State
Iran
1 incident
Profile

Parisite is an alias used by an Iranian state‑sponsored hacking group that has been publicly linked to the Magnallium cluster, also known as APT33. The group’s location is identified as Iran, and it operates under the direction of the Iranian government. Public reporting treats Parisite as part of the same threat ecosystem that includes Magnallium, sharing infrastructure, tools, and operational goals.

Observed activity shows Parisite focusing on critical infrastructure targets, most notably a sustained intrusion campaign against a United States electric utility and other critical infrastructure entities in 2019. The group’s primary aim in that campaign was to establish persistent network access through credential‑based and vulnerability‑based techniques. Historically, the actors behind Parisite have used the footholds they gain to deploy wiper malware that erases data and disrupts business operations in other victims, a pattern noted in the same reporting.

The tactics, techniques and procedures associated with Parisite include password‑spraying attacks against large numbers of user accounts and the exploitation of known vulnerabilities in virtual private network (VPN) software to gain initial entry. In past operations the group has employed wiper malware families to destroy data on compromised systems, demonstrating a destructive capability beyond mere espionage. Attribution to Iran is based on the group’s classification as an Iranian state‑sponsored actor and its repeated association with the Magnallium/APT33 cluster. The 2019 intrusion against the US electric sector stands as a representative campaign illustrating Parisite’s focus on critical infrastructure and its reliance on password spraying and VPN exploitation as initial access vectors.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources