CURIUM

Threat Actor Profile Updated 24 days ago
Curium, also known as Crimson Sandstorm, is an Iranian threat actor group that has been meticulously targeting users over time. Unlike other threat actors who commonly utilize phishing emails, Curium employs a unique approach by creating a network of fictitious social media accounts to build trust with their targets before delivering malware. The group's patience and unconventional methods highlight their strategic sophistication in executing cyber attacks. The Tel Aviv-based cybersecurity company, ClearSky, has attributed the attacks to this Iranian threat actor with low confidence.

Curium is also tracked under several other names including Tortoiseshell, Imperial Kitten, and TA456. This multiplicity of aliases further complicates tracking and attribution efforts, underscoring the group's elusive nature and the broader challenges faced in the cybersecurity field.

In unrelated news, a new Miner Pool app called "Curium" by Bluzelle has been introduced, as reported on HackRead.com. This application aims to simplify cryptocurrency earning processes. It's important to note that despite sharing the same name, there is no connection between the threat actor Curium (Crimson Sandstorm) and Bluzelle's Curium app.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Crimson Sandstorm | 2 | Crimson Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran, has been identified as a significant threat actor in the cybersecurity landscape. This entity, potentially connected to the Islamic Revolutionary Guard Corps and active since at least 2017, targets victims across diverse se
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CURIUM Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | 6 months ago | Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 | Microsoft Security Blog
CERT-EU | 3 months ago | Bluzelle’s Curium App Makes Crypto Earning Effortless
CERT-EU | a year ago | Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry - GIXtools