Refined Kitten

Threat Actor Profile Updated 2 months ago
Refined Kitten, also known as APT33, Peach Sandstorm, Elfin, HOLMIUM, and MAGNALIUM, is a threat actor group active since at least 2013 and assessed to operate on behalf of the Iranian government. Its cyber espionage has concentrated on the aerospace and energy sectors, where it has relied on spear-phishing and custom malware, including the SHAPESHIFT wiper. Between February and July 2023, Refined Kitten ran password spraying attacks against thousands of organizations worldwide, with a particular focus on the defense sector, as part of an intelligence collection campaign against high-value targets. Microsoft, which had previously tracked the group as HOLMIUM, reported this activity in September 2023. The vendor naming conventions may sound playful, but the group's record of large-scale intrusions and data theft is not. In early November 2023 the group was also observed attempting to deliver a new backdoor, FalseFont, to organizations in the Defense Industrial Base, the global network of organizations that research and develop military weapons, systems, subsystems, and components. The group's continued activity and evolving tradecraft illustrate how persistent and capable state-sponsored threats remain.
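The password spraying described above (MITRE ATT&CK T1110.003) has a signature that is easy to miss with per-account lockout rules: one source touches many accounts a few times each, so no single account ever trips a threshold. The detector below is an added example, not code from this page or from any vendor report it cites. It runs over constructed sign-in lines in an assumed "timestamp source_ip user FAIL|SUCCESS" format; the field layout, window and thresholds are assumptions chosen for illustration, and the sample source addresses are documentation ranges.

```python
"""Password-spray detector over constructed sign-in log lines.

Added example, not code from the Cybergeist profile or from any vendor it cites.
Assumed log format (one event per line): "<ISO-8601 UTC timestamp> <src_ip> <user> <FAIL|SUCCESS>".
A spray is flagged when one source, inside a sliding window, fails against at
least `min_users` distinct accounts with at most `max_per_user` failures each.
A classic brute force (one account, many failures) is deliberately not flagged,
so the two patterns can be routed to different playbooks.
"""
import re
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(FAIL|SUCCESS)$")


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    user: str
    ok: bool


def parse_line(line):
    """Parse one assumed-format line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, m.group(2), m.group(3), m.group(4) == "SUCCESS")


def parse_log(text):
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def detect_password_spray(events, window=timedelta(minutes=30), min_users=8, max_per_user=3):
    """Return {src_ip: finding} for every source showing spray behaviour.

    The finding reflects the window state at the last event that still
    qualified, so accounts that later succeeded from the same source are listed.
    """
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        by_src[e.src].append(e)

    findings = {}
    for src, evs in by_src.items():
        recent = deque()      # events from this source inside the window
        fails = Counter()     # failed attempts per account inside the window
        for e in evs:
            recent.append(e)
            if not e.ok:
                fails[e.user] += 1
            # evict events that fell out of the window
            while recent and e.ts - recent[0].ts > window:
                old = recent.popleft()
                if not old.ok:
                    fails[old.user] -= 1
                    if fails[old.user] == 0:
                        del fails[old.user]
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                succeeded = sorted({x.user for x in recent if x.ok and x.user in fails})
                findings[src] = {
                    "distinct_users": len(fails),
                    "attempts": sum(fails.values()),
                    "succeeded_accounts": succeeded,  # both a failure and a success in window
                }
    return findings


# Constructed sample data (not real telemetry): a spray, a brute force, and a benign typo.
SPRAY_USERS = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi", "ivan", "judy"]
SAMPLE_LOG = "\n".join(
    # spray: one source, ten accounts, one attempt each, two seconds apart, then one hit
    [f"2023-05-01T02:00:{2 * i:02d}Z 203.0.113.7 {u} FAIL" for i, u in enumerate(SPRAY_USERS)]
    + ["2023-05-01T02:00:21Z 203.0.113.7 judy SUCCESS"]
    # brute force: one source, one account, twelve attempts (not a spray)
    + [f"2023-05-01T02:10:{i:02d}Z 198.51.100.9 alice FAIL" for i in range(12)]
    # benign: a single mistyped password followed by success
    + ["2023-05-01T03:00:00Z 192.0.2.44 alice FAIL",
       "2023-05-01T03:00:30Z 192.0.2.44 alice SUCCESS"]
)

if __name__ == "__main__":
    for src, finding in detect_password_spray(parse_log(SAMPLE_LOG)).items():
        print(src, finding)
```

Grouping by source IP is the simplest key and is enough for the constructed data, but a distributed spray that rotates through VPN or proxy exits will stay under `min_users` per address. In that case run the same window logic keyed on something the attacker reuses across addresses (user agent, ASN, or simply the tenant as a whole) and tune `min_users` to the directory size. The `succeeded_accounts` list is the triage priority: those are the credentials to reset and the sessions to revoke first.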
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following profiles may describe the same activity and are worth reviewing alongside this one.
ID (votes): Profile Description
Peach Sandstorm (4): Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor group believed to be linked to the Iranian nation-state. The group has been active since at least 2013 and has previously targeted sectors such as aerospace and energy for espionag
APT33 (3): APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s
HOLMIUM (3): Holmium, also known as Curious Serpens, Peach Sandstorm, APT33, Elfin, Magnallium, and Refined Kitten, is a threat actor that has been active since at least 2013. This group has been identified as having malicious intent and is often associated with cyber-espionage activities. They are believed to b
Magnalium (1): (no description)
Elfin (1): Elfin, also known by various names including Curious Serpens, Peach Sandstorm, APT33, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a significant threat actor with a track record of malicious cyber activities dating back to at least 2013. The group has been particularly active from 2016 to 2019, target
APT28 (1): APT28, also known as Fancy Bear, is a threat actor believed to be linked to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). This group has been implicated in several high-profile cyber-espionage activities. Notably, they were behind a large-scale malwar
Curious Serpens (1): Curious Serpens, also known by various other names such as Peach Sandstorm, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor believed to be affiliated with Iran. This group has been active since at least 2013, engaging in cyber espionage activities primarily against the aerosp
Miscellaneous Associations
Other contextual tags that may help judge the relevance of this profile
Microsoft
Iran
Phishing
Malware
Backdoor
Apt
Associated Malware
ID (type, votes): Profile Description
Shapeshift (Unspecified, 1): Shapeshift is a sophisticated malware associated with other malicious software including DROPSHIFT, TURNEDUP, NANOCORE, NETWIRE, and ALFA Shell. This malware has been linked to APT33 (also known as Elfin or Refined Kitten), an Iranian hacking group notorious for its spear-phishing attacks against th
Associated Threat Actors: no associations to display
Associated Vulnerabilities: no associations to display
Source Document References
Information about the Refined Kitten threat actor was drawn from the documents listed below (display limited to 20 results).
Source (created): Title
Unit42 (4 months ago): Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention
CERT-EU (6 months ago): Microsoft: Iranian hackers target researchers with new MediaPl malware
CERT-EU (7 months ago): Iran's APT33 targets US defense contractors with novel malware
BankInfoSecurity (7 months ago): Iranian Hackers Peach Sandstorm Are Delivering New Backdoor
DARKReading (7 months ago): Iran's 'Peach Sandstorm' Cyberattackers Target Global Defense Network
CERT-EU (7 months ago): Rising Cyber Threats in the Middle East – A Virtual Battleground – Global Security Mag Online
CERT-EU (a year ago): Hacker Group Names Are Now Absurdly Out of Control - Slashdot
CERT-EU (10 months ago): Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
BankInfoSecurity (10 months ago): Iranian Hackers Gain Sophistication, Microsoft Warns
CERT-EU (10 months ago): Global password spray attacks target thousands of organizations
CERT-EU (10 months ago): Iranian Threat Group Hits Thousands With Password Spray Campaign