Cyber Resilience

Threat actor · all actors

AgriusG1030 state

🇮🇷 IR

aka Agrius, Pink Sandstorm, AMERICIUM, Agonizing Serpens, BlackShadow

Last updated: 2026-07-03

0attributed CVEs
30ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Agrius](https://attack.mitre.org/groups/G1030) is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets.(Citation: SentinelOne Agrius 2021)(Citation: CheckPoint Agrius 2023) Public reporting has linked [Agrius](https://attack.mitre.org/groups/G1030) to Iran's Ministry of Intelligence and Security (MOIS).(Citation: Microsoft Iran Cyber 2023)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-424 / 3080%
AC-321 / 3070%
AC-220 / 3067%
AC-620 / 3067%
CM-220 / 3067%
CM-620 / 3067%
AC-516 / 3053%
IA-215 / 3050%
SI-315 / 3050%
CA-714 / 3047%
CM-513 / 3043%
CM-713 / 3043%
RA-511 / 3037%
IA-59 / 3030%
SI-79 / 3030%

Co-occurring actors

None.

Similar actors

Same nation-state