Yellow Liderc

Threat Actor updated 23 days ago (2024-11-29T14:50:12.661Z)
Download STIX
Preview STIX
Yellow Liderc, also known as Imperial Kitten, Tortoiseshell, TA456, and Crimson Sandstorm, is a threat actor with malicious intent. This group has been active since 2022, engaging in cyber espionage against maritime, shipping, and logistics companies primarily in the Mediterranean region. Their methods involve compromising legitimate websites and inserting malicious JavaScript, using phishing emails, and deploying .NET malware. These tactics have evolved over time, making it challenging to defend against this threat actor by merely accounting for one method of injection or type of malware. In October, PwC highlighted Yellow Liderc's latest campaign, noting that the group had been using a combination of malicious JavaScript and .NET malware to conduct espionage attacks. The group's targets are diverse, and their tactics vary, making them a significant and unpredictable cybersecurity threat. They've been known to use highly targeted emails, fake social media accounts, and watering hole attacks in their global espionage campaigns. CrowdStrike has attributed these attacks to Imperial Kitten, another name for Yellow Liderc. The Islamic Revolutionary Guard Corps-backed threat actor has shown both continuity and evolution in its tactics and tools, according to a recent blog post from PricewaterhouseCoopers. It's essential to stay vigilant about this threat actor due to their persistent and evolving strategies, which have proven effective in their globe-spanning espionage campaigns.
Description last updated: 2024-02-16T10:23:36.686Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Imperial Kitten is a possible alias for Yellow Liderc. Imperial Kitten, also known as Tortoiseshell and UNC1549, is a significant threat actor identified by cybersecurity firms CrowdStrike and Mandiant. The group has been associated with various malicious activities, including the distribution of malware through SWC, and the use of IMAPLoader and other
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Yellow Liderc Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more