CURIUM

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Curium, also known as Crimson Sandstorm, is an Iranian threat actor group that has been meticulously targeting users over time. Unlike other threat actors who commonly utilize phishing emails, Curium employs a unique approach by creating a network of fictitious social media accounts to build trust with their targets before delivering malware. The group's patience and unconventional methods highlight their strategic sophistication in executing cyber attacks. The Tel Aviv-based cybersecurity company, ClearSky, has attributed the attacks to this Iranian threat actor with low confidence. Curium is also tracked under several other names including Tortoiseshell, Imperial Kitten, and TA456. This multiplicity of aliases further complicates tracking and attribution efforts, underscoring the group's elusive nature and the broader challenges faced in the cybersecurity field. In unrelated news, a new Miner Pool app called "Curium" by Bluzelle has been introduced, as reported on HackRead.com. This application aims to simplify cryptocurrency earning processes. It's important to note that despite sharing the same name, there is no connection between the threat actor Curium (Crimson Sandstorm) and Bluzelle's Curium app.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Crimson Sandstorm
2
Crimson Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran, has been identified as a significant threat actor in the cybersecurity landscape. This entity, potentially connected to the Islamic Revolutionary Guard Corps and active since at least 2017, targets victims across diverse se
Tortoiseshell
1
Tortoiseshell is a prominent threat actor associated with multiple Iranian Advanced Persistent Threat (APT) groups, including MASN. It has been linked to a multi-year cyberattack campaign that targeted over a dozen US companies and government entities, including the Department of the Treasury. The c
Ta456
1
TA456, also known as Imperial Kitten, Tortoiseshell, and Crimson Sandstorm, is a threat actor believed to be based in Iran. This group has been implicated in various cyber-espionage activities, leveraging social engineering tactics and malware distribution to compromise their targets. In one notable
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Hackread
Phishing
Iran
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CrimsonUnspecified
1
Crimson is a type of malware that has been used in various cyber-espionage campaigns, notably by ProjectM. The malware was first observed in 2013 and has been continuously employed in attacks alongside other payloads like Capra RAT and Oblique RAT. ProjectM used multiple domains to control the Crims
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CURIUM Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
5 months ago
Bluzelle’s Curium App Makes Crypto Earning Effortless
MITRE
7 months ago
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 | Microsoft Security Blog
CERT-EU
a year ago
Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry - GIXtools