Curious Serpens

Threat Actor Profile Updated 3 months ago
Curious Serpens, also known as Peach Sandstorm, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor believed to be affiliated with Iran. The group has been active since at least 2013, conducting cyber espionage primarily against the aerospace and energy sectors. The cybersecurity industry tracks it under different monikers, reflecting its diverse and sophisticated set of malicious tools and tactics. The group recently developed a new backdoor named FalseFont, as reported by Unit 42. The use of FalseFont by this advanced persistent threat (APT) group shows its evolving capabilities and its continuous effort to refine its cyber-espionage tradecraft. Technical analysis of FalseFont reveals a powerful tool for infiltrating target systems, further demonstrating the threat Curious Serpens poses to organizations within its areas of interest. The discovery of the FalseFont backdoor underscores the need for robust cybersecurity measures. Organizations, especially those in the aerospace and energy sectors, should remain vigilant against such threats. Given the suspected Iranian affiliation and the history of targeted attacks, it is crucial to monitor for signs of Curious Serpens activity, including the deployment of FalseFont and other associated malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Peach Sandstorm | 1 | Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor group believed to be linked to the Iranian nation-state. The group has been active since at least 2013 and has previously targeted sectors such as aerospace and energy for espionag
HOLMIUM | 1 | Holmium, also known as Curious Serpens, Peach Sandstorm, APT33, Elfin, Magnallium, and Refined Kitten, is a threat actor that has been active since at least 2013. This group has been identified as having malicious intent and is often associated with cyber-espionage activities. They are believed to b
Elfin | 1 | Elfin, also known by various names including Curious Serpens, Peach Sandstorm, APT33, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a significant threat actor with a track record of malicious cyber activities dating back to at least 2013. The group has been particularly active from 2016 to 2019, target
Refined Kitten | 1 | Refined Kitten, also known as APT33, Peach Sandstorm, Elfin, HOLMIUM, and MAGNALIUM, is a threat actor group that has been active since at least 2013. Operating under various aliases, this group has been linked to several cyber espionage activities, primarily associated with the Iranian government.
APT33 | 1 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s
Magnalium | 1 | None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Apt
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Curious Serpens threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Unit42 | 4 months ago | Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention