CURIUM
CURIUM is an Iranian threat group, first reported in September 2019 and active since at least July 2018, targeting IT service providers in the Middle East. CURIUM has since invested in building relationships with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security researchers note CURIUM has demonstrated great patience and persistence by chatting with potential targets daily and sending benign files to help lower their security consciousness.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10 High, ≥ 3 Moderate, < 3 Low
Attribution signals
1 mention · 1 source
"We attribute this activity to Crimson Collective based on IPs associated with the group that were used to scan the victim's ASA firewalls, as well as an overlap of observed tactics and techniques with publicly reported Crimson Collective attacks."
Hedge terms observed