Threat actor
CURIUM G1012 state
🇮🇷 IR
aka CURIUM, Crimson Sandstorm, TA456, Tortoise Shell, Yellow Liderc
Last updated: 2026-07-03
About this actor
[CURIUM](https://attack.mitre.org/groups/G1012) is an Iranian threat group, first reported in September 2019 and active since at least July 2018, targeting IT service providers in the Middle East. (Citation: Symantec Tortoiseshell 2019) [CURIUM](https://attack.mitre.org/groups/G1012) has since invested in building relationships with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security researchers note [CURIUM](https://attack.mitre.org/groups/G1012) has demonstrated great patience and persistence by chatting with potential targets daily and sending benign files to help lower their security consciousness. (Citation: Microsoft Iranian Threat Actor Trends November 2021)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 16 / 29 | 55% |
| SI-3 | 14 / 29 | 48% |
| CM-2 | 13 / 29 | 45% |
| CM-6 | 13 / 29 | 45% |
| CA-7 | 12 / 29 | 41% |
| AC-4 | 11 / 29 | 38% |
| SC-7 | 11 / 29 | 38% |
| AC-6 | 10 / 29 | 34% |
| AC-2 | 9 / 29 | 31% |
| AC-3 | 8 / 29 | 28% |
| SC-44 | 7 / 29 | 24% |
| SI-2 | 7 / 29 | 24% |
| SI-8 | 7 / 29 | 24% |
| IA-9 | 6 / 29 | 21% |
| SI-10 | 6 / 29 | 21% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Star Blizzard 0.28
- EXOTIC LILY 0.28
- Transparent Tribe 0.27
- Moonstone Sleet 0.27
- Winter Vivern 0.25
Same nation-state
- HomeLand Justice 1.00
- Outer Space 1.00
- Juicy Mix 1.00
- Cleaver 1.00
- OilRig 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00