🇮🇷
Tortoiseshell
APT Group
Information theft and espionage
13 zero-day CVEs
ETDA ✓
Also Known As 10 names
CURIUM
Crimson Sandstorm
Cuboid Sandstorm
DUSTYCAVE
IMPERIAL KITTEN
Imperial Kitten
Smoke Sandstorm
TA456
Yellow Liderc
DEV-0228
Target Countries 2
Saudi Arabia
United States
Sectors Targeted
Aerospace
Religious Organizations (8131)
Research and Development in the Social Sciences and Humanities (54172)
National Security and International Affairs (928110)
Shipping and Logistics
Computer Systems Design and Related Services (54151)
Advertising Agencies (54181)
Grantmaking and Giving Services (8132)
Defense
Data Processing, Hosting, and Related Services (51821)
Maritime and Shipbuilding
IT
Details
Origin: 🇮🇷 IR
Last Updated: 01 Jul 2025
Malware Families 3
imap_loader
liderc
syskit
MITRE ATT&CK 66
T1003
T1003.006 - DCSync
T1005
T1011
T1027
T1036
T1037
T1041 - Exfiltration Over C2 Channel
T1048
T1048.002
T1053
T1055
T1056
T1059
T1059.001
T1071
T1078 - Valid Accounts
T1082
T1090 - Proxy
T1095
T1102
T1104
T1105
T1110.003 - Password Spraying
T1112
T1113 - Screen Capture
T1119
T1124
T1127
T1137
T1140
T1189
T1199 - Trusted Relationship
T1204
T1204.002
T1213.002 - Sharepoint
T1505
T1505.003
T1518
T1547
T1547.001
T1566
T1566.001
T1566.003
T1568
T1573
T1574.001 - DLL Search Order Hijacking
T1583
T1583.001
T1583.003
T1583.004 - Server
T1584
T1584.004 - Server
T1584.006
T1585
T1585.001
T1585.002
T1588
T1590
T1591 - Gather Victim Org Information
T1592 - Gather Victim Host Information
T1595 - Active Scanning
T1598
T1598.003 - Spearphishing Link
T1608
T1608.004