Curious Serpens

Threat Actor Profile Updated 13 days ago
Download STIX
Preview STIX
Curious Serpens, also known by various other names such as Peach Sandstorm, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor believed to be affiliated with Iran. This group has been active since at least 2013, engaging in cyber espionage activities primarily against the aerospace and energy sectors. The cybersecurity industry identifies this group under different monikers due to its diverse and sophisticated set of malicious tools and tactics. The group recently developed a new backdoor named FalseFont, as reported by Unit 42. This advanced persistent threat (APT) group's use of FalseFont showcases their evolving capabilities and continuous efforts to enhance their cyber-espionage tactics. Technical analysis of FalseFont reveals it as a powerful tool for infiltrating target systems, further demonstrating Curious Serpens' potential threat to organizations within their interest areas. The discovery of the FalseFont backdoor underscores the need for robust cybersecurity measures. Organizations, especially those operating within the aerospace and energy sectors, should remain vigilant against such threats. Given the suspected Iranian affiliation and the history of targeted attacks, it is crucial to monitor for signs of Curious Serpens activity, including the deployment of FalseFont and other associated malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Curious Serpens Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Unit42
2 months ago
Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention