CURIUM

Threat Actor updated 7 months ago (2024-05-04T18:31:27.807Z)

Download STIX

Preview STIX

Curium, also known as Crimson Sandstorm, is an Iranian threat actor group that has been meticulously targeting users over time. Unlike other threat actors who commonly utilize phishing emails, Curium employs a unique approach by creating a network of fictitious social media accounts to build trust with their targets before delivering malware. The group's patience and unconventional methods highlight their strategic sophistication in executing cyber attacks. The Tel Aviv-based cybersecurity company, ClearSky, has attributed the attacks to this Iranian threat actor with low confidence. Curium is also tracked under several other names including Tortoiseshell, Imperial Kitten, and TA456. This multiplicity of aliases further complicates tracking and attribution efforts, underscoring the group's elusive nature and the broader challenges faced in the cybersecurity field. In unrelated news, a new Miner Pool app called "Curium" by Bluzelle has been introduced, as reported on HackRead.com. This application aims to simplify cryptocurrency earning processes. It's important to note that despite sharing the same name, there is no connection between the threat actor Curium (Crimson Sandstorm) and Bluzelle's Curium app.

Description last updated: 2024-02-22T17:16:08.317Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Crimson Sandstorm is a possible alias for CURIUM. Crimson Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran, has been identified as a significant threat actor in the cybersecurity landscape. This entity, potentially connected to the Islamic Revolutionary Guard Corps and active since at least 2017, targets victims across diverse se	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the CURIUM Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	9 months ago	Bluzelle’s Curium App Makes Crypto Earning Effortless
MITRE	a year ago	Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 \| Microsoft Security Blog
CERT-EU	a year ago	Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry - GIXtools