Yellow Liderc

Threat Actor updated 7 months ago (2024-05-04T20:55:00.812Z)

Download STIX

Preview STIX

Yellow Liderc, also known as Imperial Kitten, Tortoiseshell, TA456, and Crimson Sandstorm, is a threat actor with malicious intent. This group has been active since 2022, engaging in cyber espionage against maritime, shipping, and logistics companies primarily in the Mediterranean region. Their methods involve compromising legitimate websites and inserting malicious JavaScript, using phishing emails, and deploying .NET malware. These tactics have evolved over time, making it challenging to defend against this threat actor by merely accounting for one method of injection or type of malware. In October, PwC highlighted Yellow Liderc's latest campaign, noting that the group had been using a combination of malicious JavaScript and .NET malware to conduct espionage attacks. The group's targets are diverse, and their tactics vary, making them a significant and unpredictable cybersecurity threat. They've been known to use highly targeted emails, fake social media accounts, and watering hole attacks in their global espionage campaigns. CrowdStrike has attributed these attacks to Imperial Kitten, another name for Yellow Liderc. The Islamic Revolutionary Guard Corps-backed threat actor has shown both continuity and evolution in its tactics and tools, according to a recent blog post from PricewaterhouseCoopers. It's essential to stay vigilant about this threat actor due to their persistent and evolving strategies, which have proven effective in their globe-spanning espionage campaigns.

Description last updated: 2024-02-16T10:23:36.686Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Imperial Kitten is a possible alias for Yellow Liderc. Imperial Kitten, also known as Tortoiseshell and UNC1549, is a significant threat actor identified by cybersecurity firms CrowdStrike and Mandiant. The group has been associated with various malicious activities, including the distribution of malware through SWC, and the use of IMAPLoader and other	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Phishing

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Yellow Liderc Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	9 months ago	OpenAI and Microsoft Terminate State-Backed Hacker Accounts
DARKReading	a year ago	Iran APT Targets the Mediterranean With Watering-Hole Attacks
CERT-EU	a year ago	Iranian hackers launch malware attacks on Israel’s tech sector
CERT-EU	a year ago	Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
BankInfoSecurity	a year ago	Iranian Hackers Target Israeli Logistics and IT Companies