Threat Actor Profile

Cleaver

State-sponsored threat group originating from IR. Suspected sponsor: Iran (Islamic Republic of). Known to target Private sector, Government. Uses 10 known MITRE ATT&CK techniques.

10 TTPs Mapped 2 Industries Tracked Real-Time Alerts

OriginIR

10MITRE TTPs

2Sectors Hit

Actor Overview

Origin Country

Suspected Sponsor

Iran (Islamic Republic of)

Incident Types

Espionage

Known Techniques

10 TTPs

Target Industries

Private sectorGovernment

Suspected Victims

CanadaFranceIsraelMexicoSaudi ArabiaChinaGermanyUnited StatesPakistanSouth KoreaUnited KingdomIndiaKuwaitQatarTurkey

MITRE ATT&CK Techniques

T1557T1557.002T1587T1587.001T1585T1585.001T1588T1588.002T1003T1003.001

Related Threat Reports

Premium

APT Campaign Analysis - Q4 2025Dec 2025

New Tactics Observed in WildDec 2025

Infrastructure Mapping ReportDec 2025

Stay Updated

Get alerts when new intel on Cleaver is published.

Actor Details

Primary Name

Cleaver

Known Aliases

Operation Cleaver, Op Cleaver, Tarh Andishan, Alibaba, TG-2889, Cobalt Gypsy, G0003

Data Source

Precursor Intelligence

Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →