Helix Kitten (also known as APT34 by FireEye, OILRIG, Crambus, Cobalt Gypsy, Hazel Sandstorm, or EUROPIUM) is a hacker group identified by CrowdStrike as Iranian.

The group has reportedly been active since at least 2014. It has targeted many of the same organizations as Advanced Persistent Threat 33, according to John Hultquist.

In April 2019, APT34's cyber-espionage tools' source code was leaked through Telegram.

The group has reportedly targeted organizations in the financial, energy, telecommunications, and chemical industries, as well as critical infrastructure systems.

APT34 reportedly uses Microsoft Excel macros, PowerShell-based exploits and social engineering to gain access to its targets.