TA456

Threat Actor Profile Updated 3 months ago
TA456, also known as Imperial Kitten, Tortoiseshell, and Crimson Sandstorm, is a threat actor believed to be based in Iran. This group has been implicated in various cyber-espionage activities, leveraging social engineering tactics and malware distribution to compromise their targets. In one notable instance, they created a fake profile of an attractive girl on a social media platform to gain the trust of government employees. Using this approach, they were able to distribute spyware to these individuals, thereby infiltrating their systems. The cybersecurity firm Proofpoint has linked TA456 with the Tehran-based company Mahak Rayan Afraz. It is suggested that the group uses this company as a front to communicate with the Islamic Revolutionary Guard Corps (IRGC). This connection further substantiates the assumption that TA456 is not just a random collection of hackers, but rather a well-organized entity possibly supported by state-level resources. ClearSky, a Tel Aviv-based cybersecurity company, has attributed these attacks to TA456, albeit with low confidence. Despite the uncertainty around the exact identity of the threat actor, the consistent attribution to Iranian entities suggests a significant likelihood of Iranian involvement. Regardless of the specific identity, the actions of TA456 pose a significant threat to government and corporate security, underlining the need for robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Tortoiseshell | 1 | Tortoiseshell is a prominent threat actor associated with multiple Iranian Advanced Persistent Threat (APT) groups, including MASN. It has been linked to a multi-year cyberattack campaign that targeted over a dozen US companies and government entities, including the Department of the Treasury. The c
Crimson Sandstorm | 1 | Crimson Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran, has been identified as a significant threat actor in the cybersecurity landscape. This entity, potentially connected to the Islamic Revolutionary Guard Corps and active since at least 2017, targets victims across diverse se
CURIUM | 1 | Curium, also known as Crimson Sandstorm, is an Iranian threat actor group that has been meticulously targeting users over time. Unlike other threat actors who commonly utilize phishing emails, Curium employs a unique approach by creating a network of fictitious social media accounts to build trust w
Imperial Kitten | 1 | Imperial Kitten, also known as Tortoiseshell and UNC1549, is a significant threat actor identified by cybersecurity firms CrowdStrike and Mandiant. The group has been associated with various malicious activities, including the distribution of malware through SWC, and the use of IMAPLoader and other
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Iran
Spyware
Associated Malware
ID | Type | Votes | Profile Description
Crimson | Unspecified | 1 | Crimson is a type of malware that has been used in various cyber-espionage campaigns, notably by ProjectM. The malware was first observed in 2013 and has been continuously employed in attacks alongside other payloads like Capra RAT and Oblique RAT. ProjectM used multiple domains to control the Crims
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the TA456 threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
BankInfoSecurity | 8 months ago | Iranian Hackers Target Israeli Logistics and IT Companies
CERT-EU | a year ago | Cybersecurity threatscape in the Middle East: 2022-2023
CERT-EU | a year ago | Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry - GIXtools