Cleaver is a threat actor attributed to IR, also known as TG-2889, Operation Cleaver, G0003. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Cleaver exploit?

Specific CVE exploitation data for Cleaver is being tracked. Check the Strobes VI threat actor profile for updates.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Cleaver

Also known as: TG-2889, Operation Cleaver, G0003, Tarh Andishan, Alibaba, Cobalt Gypsy, Op Cleaver

Exploited CVEs

Overview

A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database