LYCEUM

Also known as: COBALT LYCEUM, HEXANE, UNC1530, Spirlin, MYSTICDOME, Siamesekitten, Chrono Kitten, Storm-0133

Introduction

Lyceum is an Iranian APT group that has been active since at least 2014. They primarily target Middle Eastern governments and organizations in the energy and telecommunications sectors. Lyceum is known for using cyber espionage techniques and has been linked to other Iranian threat groups such as APT34. They have developed and deployed malware families like Shark and Milan, and have been observed using DNS tunneling and HTTP for command and control communication.

Activities and Tactics

Targeted Sectors: Government, Energy, High-Tech, Telecomms, Education, Military, Defense

Country of Origin: 🇮🇷 Iran

Risk Level: High

Incident Type: Espionage

Suspected Victims: Israel, Middle East

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • CyberGate
  • Cyber Eye RAT
  • Shark
  • Milan

Attribution and Evidence

Country of Origin: Iran

Additional attribution information pending cataloguing.

References

References pending cataloguing.