Introduction
CURIUM is an Iranian threat group, first reported in September 2019 and active since at least July 2018, targeting IT service providers in the Middle East [2]. CURIUM has since invested in building relationships with potential targets via social media over a period of months, establishing trust and confidence before sending malware. Security researchers note that CURIUM has demonstrated great patience and persistence, chatting with potential targets daily and sending benign files to lower their security consciousness [3].
Activities and Tactics
Targeted Sectors: Defense, Government, Military, Finance, Energy, Healthcare, Pharmaceuticals, Telecoms, High-Tech, Media, NGOs, Civil Society, Legal, Rail, Transportation
Country of Origin: 🇮🇷 Iran
Incident Type: Espionage
Suspected Victims: United States, Israel, Middle East, Europe
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Country of Origin: Iran
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK entry
[2] Symantec, Tortoiseshell, 2019
[3] Microsoft, Iranian Threat Actor Trends, November 2021