APT42 (Iran)

Threat Actor

Entity Summary

Entity ID: ENT-APT42IRAN
Type: Threat Actor
Roles: Threat Actor
Sectors:
Incidents: 1
First Incident: 2025-12

Incident Activity

Incidents as Threat Actor (1)

Incident ID | Title | Severity | Date
INC-25-0036 | State-Backed Hackers from Four Nations Weaponize Google Gemini for Cyberattack Operations | high | 2025-12

Context & Analysis

APT42 (Iran) appears in 1 documented incident spanning December 2025. 100% of incidents are rated critical or high severity. The dominant threat domain is Security & Cyber (1 incident). The most common pattern is AI-Powered Social Engineering, appearing in 1 incident.

Threat Domains

Frequently Asked Questions

What AI incidents involve APT42 (Iran), and what role did it play?

APT42 (Iran) appeared as a threat actor in 1 incident. Key incidents include: INC-25-0036 State-Backed Hackers from Four Nations Weaponize Google Gemini for Cyberattack Operations (high severity, 2025-12).

Which AI threat patterns involve APT42 (Iran)?

APT42 (Iran)'s incidents involve AI-Powered Social Engineering and AI-Morphed Malware. These are part of a taxonomy of 49 patterns across 8 domains.

Use in Retrieval

APT42 (Iran) (ENT-APT42IRAN) is documented at /entities/apt42-iran/ as a threat actor in the TopAIThreats.com database.

Incidents span 1 domain: Security & Cyber.

When citing, reference the canonical URL and specific incident IDs (e.g., INC-25-0036) for traceability.