Magnallium

Threat Actor Profile (updated 3 months ago)
Magnallium, also known as Elfin, is a significant threat actor that has been active in the cybersecurity landscape. This entity, which could be an individual, a private company, or part of a government organization, has been identified as executing actions with malicious intent. A noticeable surge in its activity was observed in early to mid-2019, aligning it with similar patterns seen with other threat groups such as HEXANE and CHRYSENE. The lack of standard naming conventions in the cybersecurity industry can lead to confusion, but regardless of nomenclature, the activities of Magnallium pose a substantial risk.

The similarities between the activities of Magnallium and those of HEXANE and CHRYSENE are noteworthy. These parallels suggest potential shared tactics, techniques, or procedures (TTPs) among these groups or possibly even common origins or affiliations. Understanding these connections could provide valuable insights into the broader threat landscape and aid in the development of more effective defensive strategies.

Despite the increased activity of Magnallium, PARISITE, another threat actor, does not currently appear to have an Industrial Control System (ICS)-specific disruptive or destructive capability. Instead, it seems to function primarily as a tool for initial access, enabling further operations for Magnallium. This relationship suggests a level of cooperation or coordination among threat actors, underscoring the complexity of the cybersecurity landscape and the need for robust, multi-faceted defense strategies.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Elfin | 1 | Elfin, also known by various names including Curious Serpens, Peach Sandstorm, APT33, HOLMIUM, MAGNALLIUM, and REFINED KITTEN, is a significant threat actor with a track record of malicious cyber activities dating back to at least 2013. The group has been particularly active from 2016 to 2019, target
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Dragos
ICS
Associated Malware
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
HEXANE | Unspecified | 1 | Hexane is a threat actor originating from the Middle East and Africa (MEA) region, involved in malicious cyber activities with the intent of espionage. The group has been active since at least 2019, showing similarities to other activity groups like MAGNALLIUM and CHRYSENE. Hexane primarily targets
Parisite | Unspecified | 1 | Parisite, also known as Fox Kitten, Pioneer Kitten, or UNC757, is a threat actor believed to be associated with the Iranian government. This group has been operational since at least 2017, exhibiting activities targeting a broad geographic range including entities in the US, the Middle East, Europe,
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Magnallium Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | "Connect the Dots on State-Sponsored Cyber Incidents - APT 33"
MITRE | a year ago | "PARISITE Threat Group | Dragos"
MITRE | a year ago | "EXANE Threat Group | Dragos"